Module ngx_http_realip_module
| Example Configuration Directives set_real_ip_from real_ip_header real_ip_recursive Embedded Variables |
The ngx_http_realip_module module is used
to change the client address to the one sent in the specified header field.
This module is not built by default, it should be enabled with the
--with-http_realip_module
configuration parameter.
Example Configuration
set_real_ip_from 192.168.1.0/24; set_real_ip_from 192.168.2.1; set_real_ip_from 2001:0db8::/32; real_ip_header X-Forwarded-For; real_ip_recursive on;
Directives
| Syntax: |
set_real_ip_from
|
|---|---|
| Default: | — |
| Context: |
http, server, location |
Defines trusted addresses that are known to send correct
replacement addresses.
If the special value unix: is specified,
all UNIX-domain sockets will be trusted.
IPv6 addresses are supported starting from versions 1.3.0 and 1.2.1.
| Syntax: |
real_ip_header
|
|---|---|
| Default: |
real_ip_header X-Real-IP; |
| Context: |
http, server, location |
Defines the request header field whose value will be used to replace the client address.
The proxy_protocol parameter (1.5.12) changes
the client address to the one from the PROXY protocol header.
The PROXY protocol must be previously enabled by setting the
proxy_protocol parameter
in the listen directive.
| Syntax: |
real_ip_recursive |
|---|---|
| Default: |
real_ip_recursive off; |
| Context: |
http, server, location |
This directive appeared in versions 1.3.0 and 1.2.1.
If recursive search is disabled, the original client address that matches one of the trusted addresses is replaced by the last address sent in the request header field defined by the real_ip_header directive. If recursive search is enabled, the original client address that matches one of the trusted addresses is replaced by the last non-trusted address sent in the request header field.
Embedded Variables