x-forwarded-for Questions

How to change Nginx to deny by default instead of allow, when using X-Forwarded-For, with visitors inside the LAN allowed access without a login?

May 22, 2024
Danny Beckett
2 Answers

In an Nginx config we have the following code to allow viewing the site from inside the LAN without a login, otherwise require a login if outside the LAN: real_ip_header X-Forwarded-For; # IPs trusted to forward the visitor's remote IP…

VIEW QUESTION

How to set remote_addr to the real client IP? – Nginx

July 17, 2022
Kosmylo
3 Answers

I have the following nginx.conf and in the access.log I am getting as remote_addr the same IP for every request, which is the IP of my VM. events{} # See blow link for Creating NGINX Plus and NGINX Configuration Files…

VIEW QUESTION

AWS ELB Apache Get Client IP, Avoid X-Forwarded-For Spoofing

February 23, 2021
user3783243
2 Answers

From apache docs (https://httpd.apace.org/docs/2.4/mod/mod_remoteip.html) we implemented the following assignment on our server: RemoteIPHeader X-Forwarded-For to get a client's IP rather than the ELB's IP. However, we didn't notice that the ELB also appends all other X-Forwarded-For values to the left…

VIEW QUESTION