I'm running an Nginx 1.2.4 webserver here, and I'm behind a proxy of my hoster to prevent DDoS attacks. The downside of being behind this proxy is that I need to get the REAL IP information from an extra header. In PHP it works great by doing $_SERVER['HTTP_X_REAL_IP'], for example.

Now, before I was behind this proxy of my hoster, I had a very effective way of blocking certain IPs by doing this: include /etc/nginx/block.conf, and allowing/denying IPs there.

But now due to the proxy, Nginx sees all traffic coming from 1 IP.

Is there a way I can get Nginx to read the IPs like PHP does, with the X-REAL-IP header?

Mr.Boon

2 Answers

Usually proxy servers send a header X_FORWARDED_FOR containing the client's real IP address. You can use --with-http_realip_module to get the real IP address. Here is the module's page.

Hex
  • Great! Yeah, I checked my Nginx config. configure arguments: --prefix=/opt/nginx --user=nginx --group=nginx --with-http_ssl_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-http_stub_status_module. And it is not currently in that list. Is there a way of using the http_realip_module without recompiling Nginx? As that would mean downtime. – Mr.Boon Oct 31 '12 at 09:24
  • I don't think it is possible. – Hex Oct 31 '12 at 09:26
  • Recompiling nginx doesn't mean downtime, as it's capable of binary upgrade on the fly, see http://nginx.org/en/docs/control.html#upgrade. – Maxim Dounin Oct 31 '12 at 09:50
  • I have recompiled Nginx with that module. I have added real_ip_header X-Forwarded-For; include blockips.conf; but the IPs I enter there are not being blocked. Also, in my nginx.log files, I still only see the proxy IPs and not the REAL user IPs. What am I doing wrong? I have also tried real_ip_header X-Real-IP; but that made no difference either. – Mr.Boon Oct 31 '12 at 13:49

I solved it.

Had to add: set_real_ip_from 0.0.0.0;

that IP being the proxy

Mr.Boon
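
The configuration this thread arrives at, written out as an added example that is not part of the original posts. It assumes 192.0.2.10 as the hoster's proxy address and 203.0.113.45 as a blocked client (both constructed placeholder addresses), and it inlines the deny rule where the question uses an include file.

```nginx
# Added example: minimal nginx.conf for a server behind one trusted proxy.
# 192.0.2.10 (proxy) and 203.0.113.45 (blocked client) are constructed
# placeholder addresses. Requires nginx built with --with-http_realip_module.

events {}

http {
    # Accept the client-address header only on connections from the proxy.
    # A catch-all range such as 0.0.0.0/0 here would let any client that
    # reaches nginx directly choose its own address through the header.
    set_real_ip_from 192.0.2.10;

    # Header the proxy fills in with the client's address.
    real_ip_header X-Real-IP;

    server {
        listen 80;

        # The realip module has already rewritten $remote_addr, so the
        # access log records the client address and allow/deny match on it.
        # These rules could equally live in /etc/nginx/block.conf and be
        # pulled in with "include", as in the question.
        deny 203.0.113.45;
        allow all;

        location / {
            return 204;
        }
    }
}
```

Without a matching set_real_ip_from line the header is ignored and $remote_addr stays the proxy's address, which is the symptom described in the last comment on the first answer.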