MIT License
A module to replace the remote address by the last IP on X-Forwarded-For header when the request comes from a trusted proxy.
The current version only works with the "Data compression proxy" from Google chrome.
This module is based on Nginx real IP module.
It checks the DNS and reverse DNS to be sure that the proxy really is who it says to be.
This module is not distributed with the Nginx source. See the installation instructions.
An example:
pid logs/nginx.pid;
error_log logs/nginx-main_error.log debug;
# Development Mode
# master_process off;
# daemon off;
worker_processes 1;
worker_rlimit_core 500M;
working_directory /tmp;
debug_points abort;
events {
worker_connections 1024;
#use kqueue; # MacOS
use epoll; # Linux
}
http {
default_type application/octet-stream;
log_format main '[$time_local] $host "$request" $request_time s '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" Remote: "$remote_addr" '
'RealIP: "$trusted_proxy_resolver_realip"';
access_log logs/nginx-http_access.log main;
error_log logs/nginx-http_error.log;
trusted_proxy_resolver_address "$http_x_origin_ip";
server {
listen 8080;
server_name localhost;
location / {
trusted_proxy_resolver_to_real_ip on;
}
}
}
Download Nginx Stable source and uncompress it (ex.: to ../nginx). You must then run ./configure with --add-module pointing to this project as usual. Something in the lines of:
$ ./configure \
--add-module=../nginx-trusted-proxy-resolver-module \
--prefix=/home/user/dev-workspace/nginx
$ make
$ make install
This project uses nginx_test_helper on the test suite. So, after you've installed the module, you can just download the necessary gems:
$ cd test
$ bundle install
And run rspec pointing to where your Nginx binary is (default: /usr/local/nginx/sbin/nginx):
$ NGINX_EXEC=../path/to/my/nginx rspec .
This is still a work in progress. Be the change. And take a look on the Changelog file.