Nginx – Configuring nginx to log original requestor IP (instead of IP of forward proxy)

nginx, x-forwarded-for

On an nginx-enabled website I maintain, some visitors are behind a certain forward proxy. Since requests pass through the proxy's servers, the HTTP Request IP address in these cases is always from proxy servers instead of from the original requestor.

However, the proxy ensures that the original requestor IP is included in a separate HTTP header field called X-IORG-FBS-UIP. It can also be found in X-FORWARDED-FOR.

In nginx access logs, I notice the proxy IP is what shows up for all these users, not the real IP. How can I configure nginx such that the original requestor IP is logged by nginx, and not the proxy one? An illustrative example would be great; thanks in advance!


p.s. my nginx is v 1.4.6

Best Answer

This is done using set_real_ip_from to update the $remote_addr variable based on a custom header. For example, /etc/nginx/conf.d/proxies_acl.conf can be created as follows, to set the client IP variable based on the X-IORG-FBS-UIP header for requests proxied by 1.2.3.0/22 and 23.22.20.0/22:

set_real_ip_from 1.2.3.0/22;
set_real_ip_from 23.22.20.0/22;
real_ip_header X-IORG-FBS-UIP;
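The following is an added example, not part of the original answer and not nginx's own code: a simplified Python model of the trust decision those directives express, showing that the header is honoured only when the connecting peer falls inside a set_real_ip_from range. The function name, the `recursive` flag (modelling nginx's real_ip_recursive) and all sample addresses are constructed for illustration.

```python
import ipaddress

# Proxy ranges from the answer's set_real_ip_from lines.
TRUSTED = ["1.2.3.0/22", "23.22.20.0/22"]


def resolve_client_ip(peer, header_value, trusted=TRUSTED, recursive=False):
    """Return the address that would be logged as the client.

    peer         -- address of the TCP connection (original $remote_addr)
    header_value -- value of the header named by real_ip_header, or None
    recursive    -- models real_ip_recursive for comma-separated headers
    """
    # strict=False tolerates ranges written with host bits set (1.2.3.0/22).
    nets = [ipaddress.ip_network(c, strict=False) for c in trusted]

    def is_trusted(ip):
        return any(ip in net for net in nets)

    addr = ipaddress.ip_address(peer)
    if not header_value:
        return str(addr)

    hops = [h.strip() for h in header_value.split(",")]
    # Walk the header right to left, but only while the current address is
    # a trusted proxy. A header sent by an untrusted peer is never read.
    while hops and is_trusted(addr):
        try:
            candidate = ipaddress.ip_address(hops.pop())
        except ValueError:
            break  # malformed entry: keep the last address we trusted
        addr = candidate
        if not recursive:
            break  # default behaviour: take the last header entry only
    return str(addr)


if __name__ == "__main__":
    # Constructed sample requests: (peer, header value)
    for peer, hdr in [("1.2.3.10", "203.0.113.7"),
                      ("198.51.100.9", "203.0.113.7")]:
        print(peer, "->", resolve_client_ip(peer, hdr))
```

The second sample request comes from an address outside both ranges, so its header is ignored and the peer address is what gets logged.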