Open asutoshpalai opened 7 years ago
Try Nginx RealIP module.
real_ip_header X-Forwarded-For;
http://nginx.org/en/docs/http/ngx_http_realip_module.html
2017年4月1日(土) 14:25 Asutosh Palai notifications@github.com:
When deployed behind a proxy (e.g. Nginx proxy) there is no simple way to access the client's real remote address through env.
To get the real IP, you will have to get x-forwarded-for from :headers.
I am using Clack with Hunchentoot server.
From my understanding, the handler for Huchentoot should use :remote-addr (real-remote-addr req) instead of :remote-addr (remote-addr* req) https://github.com/fukamachi/clack/blob/e28dd64a7f0df15da49d329a2096af866cada976/src/handler/hunchentoot.lisp#L200
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/fukamachi/clack/issues/144, or mute the thread https://github.com/notifications/unsubscribe-auth/AAFhyk3d7oV15ATKDbUygVh9rEpIQ_HEks5rrd_GgaJpZM4MwX_E .
I think you misunderstood my point. The X-Forwarded-For
header is being set by Nginx properly. The problem lies in accessing the client's IP address reliably.
Currently, we can access the actual client's IP by doing something like
(or (gethash "x-forwarded-for" (getf env :headers))
(getf env :remote-addr))
Instead, if it was accessible from something like with
(getf env :remote-addr)
or
(getf env :real-remote-addr)
then it will provide a stable interface to get the client's IP.
When deployed behind a proxy (e.g. Nginx proxy) there is no simple way to access the client's real remote address through
env
.To get the real IP, you will have to get
x-forwarded-for
from:headers
.I am using Clack with Hunchentoot server.
From my understanding, the handler for Huchentoot should use
:remote-addr (real-remote-addr req)
instead of:remote-addr (remote-addr* req)