Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [x-forwarded-for]

HTTP header field for identifying the origin IP address

HTTP header field is a de facto standard for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer. This is an HTTP request header which was introduced by the Squid caching proxy server's developers. A standard has been proposed at the Internet Engineering Task Force (IETF) for standardising the Forwarded HTTP header.

70 questions
11
votes
1 answer

How to log original value of $remote_addr when using Real-IP

My environment has user requests passing through a number of systems: [Client] --> [ELB] ---> [nginx] --> [web] (ELB = AWS Elastic Load Balancer) Thanks to this answer, I have nginx determining and passing the correct client IP address to the…
michaelg
  • 230
  • 1
  • 3
  • 9
10
votes
2 answers

Apache mod_remoteip and access logs

Since Apache 2.4 I've started using mod_remoteip instead of mod_extract_forwarded for rewriting client address from x-forwarded-for provided by frontend servers (varnish, squid, apache etc). So far everything works fine with the modules, i.e. php,…
GioMac
  • 4,444
  • 3
  • 24
  • 41
8
votes
2 answers

Nginx clear X-Forwarded-For before setting

What can I use in the nginx config to make it clear any existing X-Forwarded-For headers before setting its own? I am currently using Nginx to terminate SSL before passing traffic to HAProxy to load balance. Right now, I have: proxy_set_header…
sidprak
  • 400
  • 4
  • 9
7
votes
1 answer

Possible to log X-FORWARDED-FOR to nginx error_log?

Nginx allows custom log formats for access logs -- right now I'm logging http_x_forwarded_for and it's working fine. The problem is my error log only shows the LB IP. After Googling and reading through their documentation, it seems error_log…
skrewler
  • 308
  • 1
  • 3
  • 13
7
votes
1 answer

Add haproxy X-Forwarded-Host request header

I have a Haproxy instance that rewrites Host headers to internal ones using http-request set-header. http-request set-header Host internal.example However, I'd still like backends to have access to the original Host header. I think X-Forwarded-Host…
steveh7
  • 163
  • 1
  • 2
  • 6
7
votes
3 answers

F5 Big-IP, X-Forwarded-For and IIS Logs

I've got an F5 Big-IP that is mangaged by our hosting provider. It's dedicated to our private VLAN, etc. Works great :) We requested them to add in an X-Forwarded-For HTTP-Header field. They've done that and we can now access that in the code.…
Pure.Krome
  • 6,338
  • 17
  • 72
  • 86
7
votes
3 answers

Overriding the X-Forwarded-For header in haproxy?

In my HAProxy load balancer, I have the following config chunks: defaults mode http log global option httplog clf option dontlognull option…
Evan
  • 307
  • 1
  • 4
  • 12
7
votes
3 answers

How to best configure IIS7 logging to capture "HTTP_X_FORWARDED_FOR" header

We have IIS7 servers sitting behind an nginx reverse proxy. The reverse proxy is sending the standard "HTTP_X_FORWARDED_FOR" header with the visitor IP address, but IIS7 logging is only logging the IP address of the nginx server (which makes sense,…
zeroasterisk
  • 275
  • 1
  • 4
  • 10
6
votes
3 answers

Forwarding real remote IP to proxied server with nginx

To hide my website IP I proxied the main server with nginx on another VPS. I am trying to send the visitor real IP to my website and here is my config in conf.d folder: proxy_cache_path /etc/nginx/cacheddata levels=1:2 …
Amin
  • 79
  • 1
  • 2
  • 4
6
votes
2 answers

mod_evasive behind HAPROXY

I have a couple of Apache 2 machines behind an HAPROXY setup, I tried to setup mod_evasive on those Apache machine while also using mod_rpaf to get the real X-FORWARDED client ip. For some reason, mod_evasive grabs and blocks some ips (testing with…
Elad Meidar
  • 171
  • 1
  • 3
5
votes
2 answers

Private address space IP found in X-Forwarded-For

I'm reverse proxying with nginx behind Google Cloud (HTTPS) Load Balancer, so I add the X-Forwarded-For header so that the backend can extract the client (browser) IP. This morning I noticed a 10.x.x.x IP in the logs, how is this possible?
Rhangaun
  • 179
  • 1
  • 15
4
votes
1 answer

is there a standard for chaining x-forwarded-for headers?

IETF RFC 2616 Section 4.2 allows a request to contain multiple headers with the same field-name as long as chronological order of insertion is preserved and their values can be converted into single header with a comma-separated list of…
BaltoStar
  • 189
  • 2
  • 11
3
votes
1 answer

Pass Client IP from AWS ELB to HA Proxy

We have a issue in our application where the client IP is not getting passed to the App servers in the following setup. USER---------> AWS ELB -----------> HAPROXY -----------> Application server(apache) Our ELB is using TCP listeners and we have…
Udith Nalaka
  • 31
  • 2
3
votes
1 answer

Check Varnish ACL via X-Forwarded-For when behind one or more(!) reverse proxies

I have Varnish running behind a reverse proxy (running on localhost, for SSL offloading). The proxy sets the X-Forwarded-For header or adds itself to it if the header already exists. When I do ACL checks of course I want to check against the…
Martijn Heemels
  • 7,438
  • 6
  • 39
  • 62
3
votes
1 answer

Configuring nginx to log original requestor IP (instead of IP of forward proxy)

On an nginx-enabled website I maintain, some visitors are behind a certain forward proxy. Since requests pass through the proxy's servers, the HTTP Request IP address in these cases is always from proxy servers instead of from the original…
Hassan Baig
  • 2,033
  • 11
  • 27
  • 47
1
2 3 4 5