Opened 13 years ago

Closed 13 years ago

Last modified 13 years ago

#100 closed enhancement (fixed)

http_geoip_module should support requests from proxies

Reported by: Robby Grossman Owned by: Ruslan Ermilov
Priority: minor Milestone:
Component: nginx-module Version: 1.0.x
Keywords: Cc:
uname -a: Linux ip-10-87-43-13 2.6.32-318-ec2 #38-Ubuntu SMP Thu Sep 1 18:09:30 UTC 2011 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.0.12

Description

When using the http_geoip_module through a proxy, the IP address used for the geolocation lookup is that of the proxy rather than the end-user.

On apache, one can use the "GeoIPScanProxyHeaders On" directive to tell GeoIP to use the X-Forwarded-For header instead of the typical remote address. This functionality should be replicated in the nginx module.

Change History (4)

comment:1 by Robby Grossman, 13 years ago

I patched this by using the X-Forwarded-For header if it's provided. You can see my changes here: https://github.com/freerobby/ngx_http_geoip_module-xfwd/compare/b1d1...master

We're behind a firewall so we don't need to worry about forgery, but in most production environments it is better to use the realip module so that one can protect against forgery. Feel free to close out this ticket since that solution does exist for most people. I was hoping to avoid it because we have some code that relies on the non-overridden $remote_addr (that of the most recent proxy it came from).

comment:2 by Ruslan Ermilov, 13 years ago

Owner: changed from somebody to Ruslan Ermilov
Status: newassigned

comment:3 by Ruslan Ermilov, 13 years ago

Resolution: fixed
Status: assignedclosed

In [4628/nginx]:

(The changeset message doesn't reference this ticket)

comment:4 by Maxim Dounin, 13 years ago

In [4669/nginx]:

(The changeset message doesn't reference this ticket)

Note: See TracTickets for help on using tickets.