发布于 2015-09-20 00:04:47 | 93 次阅读 | 评论: 0 | 来源: 网络整理

This module lets to change the client's IP address to value from request header (e. g. X-Real-IP or X-Forwarded-For).

It is useful if nginx works behind some proxy of L7 load balanver, and request come from local IP, but proxy add request header with client's IP.

This module isn't built by default, enable it with the configure option

--with-http_realip_module

User Note: "You will build a list of trusted proxies (see below) and the first IP in the header which is not trusted will be used as the client IP." Source: README of the Apache module mod_extract . Quite informative, about why and how this security feature is helpful.

Example:

set_real_ip_from   192.168.1.0/24;
set_real_ip_from   192.168.2.1;
real_ip_header     X-Real-IP;

指令

set_real_ip_from

syntax: set_real_ip_from [the address|CIDR]

default: none

context: http, server, location

This directive describes the trusted addresses, which transfer accurate address for the replacement.

real_ip_header

syntax: real_ip_header [X-Real-IP|X-Forwarded-For]

default: real_ip_header X-Real-IP

context: http, server, location

This directive sets the name of the header used for transferring the replacement IP address.

References

Original Documentation

最新网友评论  共有(0)条评论 发布评论 返回顶部

Copyright © 2007-2017 PHPERZ.COM All Rights Reserved   冀ICP备14009818号  版权声明  广告服务