set_real_ip_from and real_ip_header settings for Nginx

A few weeks ago we got a customer with multiple remote proxy servers accelerating the customer’s web site for caching and performance issues. As always, I use Nginx as a front end and forward all dynamic queries (PHP) to a back-end Apache/PHP for processing. We hit the wall with getting the real client IP and passing it to the back-end Apache so that all posts and comments show the real client IP address. Hey, the site admin requires blocking spamming IP blocks as well as flooders!

The front-end proxy servers were already set up to send the X-Forwarded-For header with the real client IP address.

An architectural drawing:

client’s request -> proxy level -> nginx -> apache/php

So here is the fix.

Compile Nginx with the real-ip module by adding the following option to nginx ./configure: --with-http_realip_module

Add the following lines to nginx.conf:

set_real_ip_from 11.22.33.0/24;
real_ip_header X-Forwarded-For;

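where 11.22.33.0/24 is the IP address block of the Layer-7 balancer, DDoS shield company or any other front-end device. Nginx replaces the client address with the header value only when the connection comes from an address in this block, so list only front-end devices you trust to set X-Forwarded-For.

You also have to download and compile the Apache mod_rpaf module and set it up in httpd.conf: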
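How these two directives pick the client address, as an added Python model (not from the original post and not nginx's own code). The 203.0.113.x and 198.51.100.x addresses are constructed samples, and the `recursive` flag models nginx's real_ip_recursive directive, which the post does not use but which matters when several trusted proxies are chained.

```python
import ipaddress

# From the post's nginx.conf: one CIDR per set_real_ip_from line.
TRUSTED = ["11.22.33.0/24"]


def resolve_client_ip(peer, xff, trusted=TRUSTED, recursive=False):
    """Simplified model of how the realip module picks the client address.

    peer      -- source address of the connection nginx accepted
    xff       -- raw X-Forwarded-For header value, or None
    recursive -- models real_ip_recursive (off is the nginx default)
    """
    nets = [ipaddress.ip_network(c) for c in trusted]

    def is_trusted(addr):
        ip = ipaddress.ip_address(addr)
        return any(ip.version == n.version and ip in n for n in nets)

    # The header is ignored unless the peer itself is a trusted proxy.
    if not xff or not is_trusted(peer):
        return peer

    current = peer
    # Walk right to left: the rightmost entry was added by the nearest proxy.
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # unparsable entry: keep the last good address
        current = hop
        # Non-recursive: take the last entry. Recursive: keep walking
        # left while the entry is itself a trusted proxy.
        if not recursive or not is_trusted(hop):
            break
    return current


if __name__ == "__main__":
    # Constructed requests: (peer address, X-Forwarded-For value)
    samples = [
        ("11.22.33.10", "203.0.113.7"),               # via trusted proxy
        ("198.51.100.9", "11.22.33.5"),               # direct hit, forged header
        ("11.22.33.10", "10.0.0.1, 203.0.113.7"),     # client-supplied left entry
        ("11.22.33.10", "203.0.113.7, 11.22.33.20"),  # two trusted proxies
    ]
    for peer, xff in samples:
        print(peer, "|", xff, "->", resolve_client_ip(peer, xff),
              "| recursive:", resolve_client_ip(peer, xff, recursive=True))
```

The last sample shows why a chain of trusted proxies needs the recursive behaviour: without it the logged "client" is the inner proxy, not the visitor.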

RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1 44.55.66.77
RPAFheader X-Forwarded-For

where 44.55.66.77 is your nginx proxy IP address. Enjoy!

