Is it possible to use real_ip_header without using set_real_ip_from?
My web server is behind a CDN-like system. They have over 1,000 servers and any one of them could be making the request. And their list of servers keeps changing so it's hard to keep all set_real_ip_from directives in sync.
Since I know that all requests will be proxied by their system, is there a way to use real_ip_header without set_real_ip_from? When I tried that, the real_ip_header directive was ignored.
Do all those 1,000 servers belong to the same network / IP range? Then you could supply an IP range to the set_real_ip_from directive, like set_real_ip_from 10.2.0.0/16;
To trust all IPs you can use set_real_ip_from 0.0.0.0/0; although this is not recommended. If someone finds out the IP of your application server, he can easily spoof any IP.
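For the case in the question where the proxy ranges keep changing, the trusted list can be generated instead of hand-edited. This is an added example, not code from the original posts: it turns a CIDR feed into set_real_ip_from lines and refuses catch-all ranges such as 0.0.0.0/0. The feed format, the prefix floors, the X-Forwarded-For header choice and the function names are assumptions.

```python
import ipaddress

# Constructed sample feed (documentation prefixes, not real CDN data).
SAMPLE_FEED = """\
# edge ranges
198.51.100.0/25
198.51.100.128/25
203.0.113.7
2001:db8:100::/48
0.0.0.0/0
not-a-network
"""

def parse_ranges(feed, min_prefix_v4=8, min_prefix_v6=16):
    """Return (networks, rejected) from a newline-separated CIDR feed.

    Entries that do not parse, or that are broader than the prefix floor
    (assumed thresholds), are rejected rather than trusted.
    """
    networks, rejected = [], []
    for raw in feed.splitlines():
        entry = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append(entry)
            continue
        floor = min_prefix_v4 if net.version == 4 else min_prefix_v6
        if net.prefixlen < floor:               # e.g. 0.0.0.0/0 trusts everyone
            rejected.append(entry)
            continue
        networks.append(net)
    return networks, rejected

def render_realip_conf(networks, header="X-Forwarded-For"):
    """Collapse adjacent ranges and emit nginx realip directives."""
    v4 = ipaddress.collapse_addresses(n for n in networks if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in networks if n.version == 6)
    lines = [f"set_real_ip_from {net};" for net in list(v4) + list(v6)]
    lines.append(f"real_ip_header {header};")   # header name is an assumption
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    nets, bad = parse_ranges(SAMPLE_FEED)
    print(render_realip_conf(nets), end="")
    print("rejected:", bad)
```

Write the output to a file that the nginx configuration includes, and check it with nginx -t before reloading.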