x-real-ip issue

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

x-real-ip issue

CJ Ess
I've been struggling all day with this, I'm missing something, hoping someone can point out what I'm doing wrong w/ the realip module:

nginx.conf:
...
  log_format xyz '$remote_addr - $remote_user [$time_iso8601] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent" "$http_x_forwarded_for" $http_x_real_ip';

  access_log  /var/log/nginx/access.log xyz;
...
  real_ip_header X-Forwarded-For;
  real_ip_recursive on;
  set_real_ip_from 172.0.0.0/8;
...


Test command I'm running:
curl -v -v -v -H "Host: www.test.com" -H "X-Forwarded-For: 9.1.2.3, 172.16.9.92" http://127.0.0.1/cheese


What I see in the error log:
127.0.0.1 - - [2017-08-28T14:20:38-04:00] "GET /cheese HTTP/1.1" 502 166 "-" "curl/7.29.0" "9.1.2.3, 172.16.9.92" -


I'm expecting that either $remote_addr or $http_x_real_ip be 9.1.2.3, but the former is 127.0.0.1 and the latter is null.

I've tried two versions of Nginx including the latest, so pretty sure its an issue with my config. The config test is successful, no errors in the error log (level debug), the 502 status code is expected and shouldn't impact the realip module.


_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: x-real-ip issue

Richard Stanway
You're connecting to localhost (127.0.0.1) and your set_real_ip_from only accepts X-Forwarded-For from 172.0.0.0/8.

On Mon, Aug 28, 2017 at 8:25 PM, CJ Ess <[hidden email]> wrote:
I've been struggling all day with this, I'm missing something, hoping someone can point out what I'm doing wrong w/ the realip module:

nginx.conf:
...
  log_format xyz '$remote_addr - $remote_user [$time_iso8601] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent" "$http_x_forwarded_for" $http_x_real_ip';

  access_log  /var/log/nginx/access.log xyz;
...
  real_ip_header X-Forwarded-For;
  real_ip_recursive on;
  set_real_ip_from 172.0.0.0/8;
...


Test command I'm running:
curl -v -v -v -H "Host: www.test.com" -H "X-Forwarded-For: 9.1.2.3, 172.16.9.92" http://127.0.0.1/cheese


What I see in the error log:
127.0.0.1 - - [2017-08-28T14:20:38-04:00] "GET /cheese HTTP/1.1" 502 166 "-" "curl/7.29.0" "9.1.2.3, 172.16.9.92" -


I'm expecting that either $remote_addr or $http_x_real_ip be 9.1.2.3, but the former is 127.0.0.1 and the latter is null.

I've tried two versions of Nginx including the latest, so pretty sure its an issue with my config. The config test is successful, no errors in the error log (level debug), the 502 status code is expected and shouldn't impact the realip module.


_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx


_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: x-real-ip issue

CJ Ess
That was it! I added "set_real_ip_from 127.0.0.1/32;" and now I'm getting the results I expected. Thank you!


On Mon, Aug 28, 2017 at 4:27 PM, Richard Stanway <[hidden email]> wrote:
You're connecting to localhost (127.0.0.1) and your set_real_ip_from only accepts X-Forwarded-For from 172.0.0.0/8.

On Mon, Aug 28, 2017 at 8:25 PM, CJ Ess <[hidden email]> wrote:
I've been struggling all day with this, I'm missing something, hoping someone can point out what I'm doing wrong w/ the realip module:

nginx.conf:
...
  log_format xyz '$remote_addr - $remote_user [$time_iso8601] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent" "$http_x_forwarded_for" $http_x_real_ip';

  access_log  /var/log/nginx/access.log xyz;
...
  real_ip_header X-Forwarded-For;
  real_ip_recursive on;
  set_real_ip_from 172.0.0.0/8;
...


Test command I'm running:
curl -v -v -v -H "Host: www.test.com" -H "X-Forwarded-For: 9.1.2.3, 172.16.9.92" http://127.0.0.1/cheese


What I see in the error log:
127.0.0.1 - - [2017-08-28T14:20:38-04:00] "GET /cheese HTTP/1.1" 502 166 "-" "curl/7.29.0" "9.1.2.3, 172.16.9.92" -


I'm expecting that either $remote_addr or $http_x_real_ip be 9.1.2.3, but the former is 127.0.0.1 and the latter is null.

I've tried two versions of Nginx including the latest, so pretty sure its an issue with my config. The config test is successful, no errors in the error log (level debug), the 502 status code is expected and shouldn't impact the realip module.


_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx


_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx


_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx