8

I've noticed in our access logs that sometimes, the $http_x_forwarded_for variable has not been set, and instead, the correct IP is the one set to $remote_addr. Is it possible to set $http_x_forwarded_for as $remote_addr, when it doesn't otherwise exist?

Basically, the following psuedo code, in nginx logic:

if($http_x_forwarded_for == null) $http_x_forwarded_for = $remote_addr

I base some limit req zones on the $http_x_forwarded_for, so I think this issue could be why it doesn't always take effect.

Thanks.

SteveEdson
  • 1,479
  • 3
  • 12
  • 23

1 Answers1

3

I'd hazard a guess that you've got ngx_http_realip_module enabled and not all of your proxies' IPs are listed as trusted.

ceejayoz
  • 32,469
  • 7
  • 81
  • 105
  • How would I find out if a module has been enabled? – SteveEdson Mar 05 '14 at 16:43
  • `nginx -V` will tell you which ones are installed. You'd want to look for the various config variables like `set_real_ip_from` in your `.conf` files to see if it's **used** anywhere. – ceejayoz Mar 05 '14 at 17:45
  • 2
    I think the issue is that the traffic that does not have `$http_forwarded_for` set, hasn't come through the load balancer. – SteveEdson Mar 28 '14 at 14:27