On Wed, Mar 08, 2017 at 01:56:04AM -0500, c0nw0nk wrote:
Hi there,
> The usage of the final output is as easy as this. "$client_ip_output;"
> limit_req_zone $client_ip_output zone=one:10m rate=1r/s; #usage example for
> the resulting output after all fallback checks and ip whitelist checks etc.
>
On Tue, Mar 07, 2017 at 06:44:05PM -0500, c0nw0nk wrote:
Hi there,
> I was just looking at the realip module but that module does not seem to
> support fallback methods like I demonstrated I was in need of.
I'm not convinced that you need anything other than what the realip module
provides; but
This kind of logic, as you found out, can be handled in nginx with the help
of the proper tools, namely the map module.
You are one step away: you can actually program what you require to be
feeding the realip module with the HTTP header name you ended up with.
Rather than having contiguous maps, h
Hey again,
So I modified my config to this as to prevent client's IP spoofing.
map $http_x_forwarded_for $client_ip_x_forwarded_for {
    ""      $remote_addr; # if this header is missing, set remote_addr as the real IP
    default $http_x_forwarded_for;
}
map $http_cf_connecting_ip $client_ip_from_cf {
"" $client_ip
Hey,
I was just looking at the realip module but that module does not seem to
support fallback methods like I demonstrated I was in need of. (If it does
support multiple headers and fallback conditions can someone provide a
demonstration)
If real_ip_header CF-Connecting-IP; is missing then fallba
On Mon, Mar 06, 2017 at 02:12:40PM -0500, c0nw0nk wrote:
Hi there,
good that you've found some more answers.
There's still some to be worked on, though, I suspect.
> So to explain how to get the origin IP for each method someone could be
> using here is the list :
>
> Cloudflares proxied traff
So I figured out the problem is a bit of a dynamic one.
My Nginx accepts some connections via Cloudflare's proxy and others via
their DNS only and other connections go through a load balancing IP that
sets an x-forwarded-for header containing the real IP, while others can avoid
all of that and con
Again, it is not empty, nor containing a hyphen...
Look slowly at the log line and compare it to the log format. You use
hyphens as separators, which, again, might not be a good idea at this
precise location.
The IP address you get is a private one though, so not 'client' but rather
'downstream'
Thanks for the info :)
But why is $remote_addr outputting a hyphen instead of the user's IP...
I still expect to see the client's IP address.
B.R. via nginx Wrote:
---
> That is because it is not: your eyes deceived you having a too quick
> loo
That is because it is not: your eyes deceived you having a too quick look
at the log line.
Your 'empty' variables are actually showing the value '-' in this log line.
It probably does not help debugging to have static '-' mixed in the format
of your log lines where you put them.
---
*B. R.*
On Su
Francis Daly Wrote:
---
> On Fri, Mar 03, 2017 at 10:47:26AM -0500, c0nw0nk wrote:
>
> Hi there,
>
> > map $http_cf_connecting_ip $client_ip_from_cf {
> > default $http_cf_connecting_ip;
> > }
> >
> > How can I make it so if the client did not
Thanks Francis, much appreciated, it seems to be working good :)
Francis Daly Wrote:
---
> On Fri, Mar 03, 2017 at 10:47:26AM -0500, c0nw0nk wrote:
>
> Hi there,
>
> > map $http_cf_connecting_ip $client_ip_from_cf {
> > default $http_cf_connecti
On Fri, Mar 03, 2017 at 10:47:26AM -0500, c0nw0nk wrote:
Hi there,
> map $http_cf_connecting_ip $client_ip_from_cf {
> default $http_cf_connecting_ip;
> }
>
> How can I make it so if the client did not send that $http_ header it makes
> $client_ip_from_cf variable value = $binary_remote_addr
>
So I have the following Map
map $http_cf_connecting_ip $client_ip_from_cf {
    default $http_cf_connecting_ip;
}
How can I make it so if the client did not send that $http_ header it makes
$client_ip_from_cf variable value = $binary_remote_addr
Not sure how to check in a map if that http header is
14 matches