Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#1588 closed defect (worksforme)

about realip module

Reported by: cjhust@… Owned by:
Priority: minor Milestone:
Component: other Version: 1.13.x
Keywords: Cc:
uname -a: 3.10.0
nginx -V: 1.13.6

Description

http {

real_ip_header X-Real-IP;
set_real_ip_from 127.0.0.1;

server {

listen 8000;
real_ip_header X-Forwarded-For;

location / {

....

}

}

}

local test:
#curl http://127.0.0.1:8000/
$remote_addr = "127.0.0.1"

#curl http://127.0.0.1:8000/ -H "X-Real-IP: 1.1.1.1"
$remote_addr = "1.1.1.1"

#curl http://127.0.0.1:8000/ -H "X-Forwarder-For: 2.2.2.2"
$remote_addr = "2.2.2.2"

#curl http://127.0.0.1:8000/ -H "X-Forwarder-For: 2.2.2.2" -H "X-Real-IP: 1.1.1.1"
$remote_addr = "2.2.2.2"

why not location level tack effect?
why X-real-IP tack effect?

Change History (8)

comment:1 by cjhust@…, 2 years ago

#curl ​http://127.0.0.1:8000/ -H "X-Forwarder-For: 2.2.2.2" -H "X-Real-IP: 1.1.1.1"
$remote_addr = "1.1.1.1"

comment:2 by Ruslan Ermilov, 2 years ago

Resolution: invalid
Status: newclosed

Because you made a typo in header name (X-Forwarder-For instead of X-Forwarded-For).

comment:3 by cjhust@…, 2 years ago

Resolution: invalid
Status: closedreopened

#curl ​​http://127.0.0.1:8000/ -H "X-Forwarded-For: 2.2.2.2" -H "X-Real-IP: 1.1.1.1"
$remote_addr = "1.1.1.1"

also 1.1.1.1

comment:4 by cjhust@…, 2 years ago

ngx_http_realip_handler is setted in POST_READ and PREACCESS phase.

if POST_READ phase meeting the conditions takes effect, it will call ngx_http_set_ctx(r, ctx, ngx_http_realip_module).
so that PREACCESS phase will skip.

comment:5 by Ruslan Ermilov, 2 years ago

Resolution: worksforme
Status: reopenedclosed

Using the following config:

http {

    real_ip_header X-Real-IP;
    set_real_ip_from 127.0.0.1;

    server {
        listen 8000;

        real_ip_header X-Forwarded-For;

        location / {
            return 200 remote_addr=$remote_addr;
        }
    }
}

I get:

$ curl http://127.0.0.1:8000/ -H "X-Forwarded-For: 2.2.2.2" -H "X-Real-IP: 1.1.1.1"
remote_addr=2.2.2.2
$ curl http://127.0.0.1:8000/ -H "X-Real-IP: 1.1.1.1"
remote_addr=127.0.0.1

Only if I add another (default) server listening on port 8000, I get the behavior you observe:

    server {
        listen 8000 default_server;
        server_name example.com;
        return 200 remote_addr=$remote_addr;
    }

$ curl http://127.0.0.1:8000/ -H "X-Forwarded-For: 2.2.2.2" -H "X-Real-IP: 1.1.1.1" ; echo
remote_addr=1.1.1.1
$ curl http://127.0.0.1:8000/ -H "X-Real-IP: 1.1.1.1" ; echo
remote_addr=1.1.1.1

If you need further assistance, please provide full config to reproduce the problem.

comment:6 by cjhust@…, 2 years ago

$ curl http://127.0.0.1:8000/ -H "X-Forwarded-For: 2.2.2.2" -H "X-Real-IP: 1.1.1.1" ; echo
remote_addr=1.1.1.1

this is the test result.

up above is typo error, sorry

comment:7 by cjhust@…, 2 years ago

I close this ticket, and open new ticket.

sorry again.

comment:8 by Maxim Dounin, 2 years ago

See also #1589.

Note: See TracTickets for help on using tickets.