opensource-developer

Reputation: 3068

set_real_ip_from still included in HTTP_X_FORWARDED_FOR

I am trying to configure my reverse nginx proxy to send the real IP address of the client instead of the proxy itself.

I am trying to implement this as suggested in many posts I see, but it's not working as expected.

Below is the relevant part of the nginx.conf:

http {
  set_real_ip_from 123.0.0.0/8;
  set_real_ip_from 123.123.12.22; # example ip
  real_ip_header X-Forwarded-For;
  real_ip_recursive on;

  server {
    location @app {
      proxy_pass http://127.0.0.1:3000;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
    }
  }
}

From what I understand, the IPs we set in set_real_ip_from are trusted IPs, and HTTP_X_FORWARDED_FOR will point to the first or last non-trusted IPs. But that's not happening.

When I try to print request.env['HTTP_X_FORWARDED_FOR'], I still see 123.123.12.22, and request.remote_ip still points to the proxy address 123.123.12.22.

Any help in this would be great. Thanks.

Upvotes: 3

Views: 8702

Answers (1)

Lyzard Kyng

Reputation: 1568

It seems you misunderstand this nginx feature. The real_ip module is for restoring a client address hidden in some additional header by another (front-end or load-balancing) web server.

You should remove all real_ip lines from the nginx config and use the X-Real-IP header in your application. If this isn't sufficient, you can replace X-Forwarded-For in the server block with

proxy_set_header X-Forwarded-For $remote_addr;

Upvotes: 0
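
The behaviour discussed in the question and answer, as an added example that is not part of either post: a simplified Ruby model of how the real_ip directives choose $remote_addr and what the question's location block then forwards to the application. The function names and the sample addresses other than 123.123.12.22 (203.0.113.7, 198.51.100.9, 10.0.0.1, 123.5.5.5) are constructed for illustration.

```ruby
require 'ipaddr'

# Trusted ranges copied from the question's set_real_ip_from lines.
TRUSTED = %w[123.0.0.0/8 123.123.12.22].map { |cidr| IPAddr.new(cidr) }

def parse_ip(text)
  IPAddr.new(text)
rescue IPAddr::Error
  nil # not an address literal
end

def trusted?(text)
  ip = parse_ip(text)
  !ip.nil? && TRUSTED.any? { |net| net.include?(ip) }
end

# Simplified model of the realip module: the value of $remote_addr after it runs.
def real_ip(peer, xff, recursive: true)
  return peer if xff.nil? || !trusted?(peer) # no header, or sender not trusted
  addr = peer
  xff.split(',').map(&:strip).reverse_each do |hop| # walk right to left
    break if parse_ip(hop).nil?                     # stop at an unparsable entry
    addr = hop
    break unless recursive && trusted?(addr)        # stop at first untrusted hop
  end
  addr
end

# What the question's location block sends to the app for one request.
def upstream_headers(peer, xff, recursive: true)
  remote_addr = real_ip(peer, xff, recursive: recursive)
  { 'X-Real-IP' => remote_addr,                                         # $remote_addr
    'X-Forwarded-For' => xff ? "#{xff}, #{remote_addr}" : remote_addr } # $proxy_add_x_forwarded_for
end

# Constructed requests: [peer address of the TCP connection, incoming X-Forwarded-For]
[
  ['123.123.12.22', nil],                        # trusted hop sends no header
  ['123.123.12.22', '203.0.113.7'],              # trusted hop forwards the client
  ['123.123.12.22', '203.0.113.7, 123.5.5.5'],   # two hops, the nearer one trusted
  ['198.51.100.9',  '10.0.0.1']                  # untrusted sender supplies a header
].each { |peer, xff| puts "#{peer.ljust(14)} #{xff.inspect.ljust(26)} => #{upstream_headers(peer, xff)}" }
```

The first row yields the same values the question reports: when the trusted hop sends no X-Forwarded-For, there is nothing for real_ip to restore. With 123.0.0.0/8 listed in set_real_ip_from, any sender in that range can choose the address the application sees.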
