On Wed, Mar 08, 2017 at 01:56:04AM -0500, c0nw0nk wrote:
Hi there,
> The usage of the final output is as easy as this. "$client_ip_output;"
> limit_req_zone $client_ip_output zone=one:10m rate=1r/s; #usage example for
> the resulting output after all fallback checks and ip whitelist checks etc.
On Tue, Mar 07, 2017 at 06:44:05PM -0500, c0nw0nk wrote:
Hi there,
> I was just looking at the realip module but that module does not seem to
> support fallback methods like I demonstrated I was in need of.
I'm not convinced that you need anything other than what the realip module
provides; but
This kind of logic, as you found out, can be handled in nginx with the help
of the proper tools, namely the map module.
You are one step away: you can actually program what you require to be
feeding the realip module with the HTTP header name you ended up with.
Rather than having contiguous maps,
Hey again,
So I modified my config to this as to prevent client's IP spoofing.
map $http_x_forwarded_for $client_ip_x_forwarded_for {
"" $remote_addr; #if this header missing set remote_addr as real ip
default $http_x_forwarded_for;
}
map $http_cf_connecting_ip $client_ip_from_cf {
""
Hey,
I was just looking at the realip module but that module does not seem to
support fallback methods like I demonstrated I was in need of. (If it does
support multiple headers and fallback conditions can someone provide a
demonstration)
If real_ip_header CF-Connecting-IP; is missing then
On Mon, Mar 06, 2017 at 02:12:40PM -0500, c0nw0nk wrote:
Hi there,
good that you've found some more answers.
There's still some to be worked on, though, I suspect.
> So to explain how to get the origin IP for each method someone could be
> using here is the list :
>
> Cloudflares proxied
So I figured out the problem is a bit of a dynamic one.
My Nginx accepts some connections via cloudflare's proxy and other's via
their DNS only and other connections go through a load balancing ip that
sets a x-forwarded-for header containing the real IP, While others can avoid
all of that and
Thank's for the info :)
But why is $remote_addr outputting a hyphen instead of the users IP...
I still expect to see the client's IP address.
B.R. via nginx Wrote:
---
> That is because it is not: your eyes deceived you having a too quick
>
That is because it is not: your eyes deceived you having a too quick look
at the log line.
Your 'empty' variables are actually showing the value '-' in this log line.
It probably does not help debugging to have static '-' mixed in the format
of your log lines where you put them.
---
*B. R.*
On
Francis Daly Wrote:
---
> On Fri, Mar 03, 2017 at 10:47:26AM -0500, c0nw0nk wrote:
>
> Hi there,
>
> > map $http_cf_connecting_ip $client_ip_from_cf {
> > default $http_cf_connecting_ip;
> > }
> >
> > How can I make it so if the client did not
Thank's Francis much appreciated it seems to be working good :)
Francis Daly Wrote:
---
> On Fri, Mar 03, 2017 at 10:47:26AM -0500, c0nw0nk wrote:
>
> Hi there,
>
> > map $http_cf_connecting_ip $client_ip_from_cf {
> > default
On Fri, Mar 03, 2017 at 10:47:26AM -0500, c0nw0nk wrote:
Hi there,
> map $http_cf_connecting_ip $client_ip_from_cf {
> default $http_cf_connecting_ip;
> }
>
> How can I make it so if the client did not send that $http_ header it makes
> $client_ip_from_cf variable value = $binary_remote_addr
>
So I have the following Map
map $http_cf_connecting_ip $client_ip_from_cf {
default $http_cf_connecting_ip;
}
How can I make it so if the client did not send that $http_ header it makes
$client_ip_from_cf variable value = $binary_remote_addr
Not sure how to check in a map if that http header is
13 matches
Mail list logo