Opened 9 years ago
Closed 9 years ago
#889 closed defect (invalid)
proxy_set_header: $remote_addr value seems inconsistent
Reported by: | Mathieu MD | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-core | Version: | 1.6.x |
Keywords: | Cc: | ||
uname -a: | Linux nginx01 2.6.32-40-pve #1 SMP Fri Jul 24 11:16:05 CEST 2015 i686 GNU/Linux | ||
nginx -V: |
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt=-Wl,-z,relro --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_spdy_module --with-http_sub_module --with-http_xslt_module --with-mail --with-mail_ssl_module --add-module=/build/nginx-JCwXQ6/nginx-1.6.2/debian/modules/nginx-auth-pam --add-module=/build/nginx-JCwXQ6/nginx-1.6.2/debian/modules/nginx-dav-ext-module --add-module=/build/nginx-JCwXQ6/nginx-1.6.2/debian/modules/nginx-echo --add-module=/build/nginx-JCwXQ6/nginx-1.6.2/debian/modules/nginx-upstream-fair --add-module=/build/nginx-JCwXQ6/nginx-1.6.2/debian/modules/ngx_http_substitutions_filter_module |
Description
Hello,
In a proxy_pass
setting, the proxy_set_header
set the X-Real-IP
header value to $remote_addr
only when a string is appended to it.
With this configuration, the X-Real-IP
header is not set on the backend server:
location / { proxy_pass http://10.1.2.3/; proxy_redirect off; proxy_buffering off; proxy_set_header X-Real-IP $remote_addr; }
However, just appending anything (here a "test"
string) to the $remote_addr
variable would make it work (here, X-Real-IP
is set to 192.168.1.1\"test\"
on the backend server)
location / { proxy_pass http://10.1.2.3/; proxy_redirect off; proxy_buffering off; proxy_set_header X-Real-IP $remote_addr"test"; }
Am I missing something?
Change History (3)
comment:1 by , 9 years ago
comment:2 by , 9 years ago
I am sorry, it was a PEBKAC mistake!
For the record, I was expecting the backend (Apache) logs to contains the X-Real-IP
, but was still using %h
instead of %a
in LogFormat
. Cf. this Apache mod_remoteip and access logs at Serverfault.
Sorry for the noise. And thank you very much for your useful answer.
Works fine here, even with 1.6.2 (which is legacy and not supported anymore). I would recommend to try the following:
tcpdump
or debug log.