I'm reverse proxying with nginx behind Google Cloud (HTTPS) Load Balancer, so I add the X-Forwarded-For header so that the backend can extract the client (browser) IP.
This morning I noticed a 10.x.x.x IP in the logs, how is this possible?
How does your logging interpret the header when it contains multiple IP addresses? If it takes the first IP address instead of the correct one, this may well be an address added by someone's forward proxy instead of your reverse proxy.
The header and its contents are documented in the GCP Setting Up HTTP(S) Load Balancing article:
X-Forwarded-For: <unverified IP(s)>, <immediate client IP>, <global forwarding rule external IP>, <proxies running in GCP>
(requests only) A comma-separated list of IP addresses appended by the intermediaries the request traveled through. If you are running proxies inside GCP that append data to the X-Forwarded-For header, then your software must take into account the existence and number of those proxies. Only the <immediate client IP> and <global forwarding rule external IP> entries are provided by the load balancer. All other entries in the list are passed along without verification.
Just adjust your logging accordingly.
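As an added example (not part of the original answer), this sketch selects the <immediate client IP> entry by counting from the right of the header, following the layout quoted above, and shows what a logger that trusts the leftmost entry would record instead. The function names, the gcp_proxy_hops parameter and the sample addresses are constructed for illustration.

```python
import ipaddress

# Entries the load balancer itself appends, per the layout quoted above:
# <immediate client IP>, <global forwarding rule external IP>
LB_APPENDED = 2


def split_xff(header_values):
    """Flatten one or more X-Forwarded-For header lines into a list of entries."""
    entries = []
    for value in header_values:
        entries.extend(part.strip() for part in value.split(",") if part.strip())
    return entries


def client_ip(header_values, gcp_proxy_hops=0):
    """Return the <immediate client IP> entry, counted from the right.

    gcp_proxy_hops (assumed parameter): how many of your own proxies inside
    GCP appended an entry after the load balancer's two entries.
    Returns None when the header is too short or the entry is not an IP.
    """
    entries = split_xff(header_values)
    needed = LB_APPENDED + gcp_proxy_hops
    if len(entries) < needed:
        return None  # request did not arrive through the expected chain
    try:
        return str(ipaddress.ip_address(entries[-needed]))
    except ValueError:
        return None  # unparseable value where the client IP should be


def naive_first_entry(header_values):
    """What a logger that trusts the leftmost (unverified) entry records."""
    entries = split_xff(header_values)
    return entries[0] if entries else None


# Constructed sample: "10.1.2.3" arrived in the request and was passed along
# unverified; the load balancer appended the last two entries.
SAMPLE = ["10.1.2.3, 203.0.113.7, 198.51.100.10"]
# Constructed sample: same request after one proxy in GCP appended an entry,
# with the header split across two lines.
SAMPLE_VIA_PROXY = ["10.1.2.3, 203.0.113.7", "198.51.100.10, 192.0.2.20"]

if __name__ == "__main__":
    print("leftmost entry:", naive_first_entry(SAMPLE))
    print("client IP     :", client_ip(SAMPLE))
    print("via one proxy :", client_ip(SAMPLE_VIA_PROXY, gcp_proxy_hops=1))
```
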
I am using the Google Cloud load balancer, Google Cloud DNS, and nginx as a reverse proxy, with the nginx configuration below.
set_real_ip_from 10.48.0.0/14;
set_real_ip_from 10.128.0.0/9;
set_real_ip_from 10.114.44.0/22;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
It works with Cloudflare DNS but not with Google Cloud DNS and AWS Route 53; I have been facing this issue for 1 month. I have also used real_ip_header CF-Connecting-IP; but it is still not fetching the client IP. I always see the local IPs of GCP instances in the nginx logs. Is there any issue with DNS? Please let me know how to resolve this issue.