Mercurial > hg > nginx-site
view xml/en/docs/http/ngx_http_realip_module.xml @ 572:17ceffcc7ffb
Brought the ngx_http_map_module documentation up to date.
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Thu, 05 Jul 2012 13:15:08 +0000 |
parents | a8daad8e83bb |
children | be54c443235a |
line wrap: on
line source
<?xml version="1.0"?> <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> <module name="Module ngx_http_realip_module" link="/en/docs/http/ngx_http_realip_module.html" lang="en"> <section id="summary"> <para> The <literal>ngx_http_realip_module</literal> module allows to change the client address to the one sent in the specified header field. </para> <para> This module is not built by default, it should be enabled with the <literal>--with-http_realip_module</literal> configuration parameter. </para> </section> <section id="example" name="Example Configuration"> <para> <example> set_real_ip_from 192.168.1.0/24; set_real_ip_from 192.168.2.1; set_real_ip_from 2001:0db8::/32; real_ip_header X-Forwarded-For; real_ip_recursive on; </example> </para> </section> <section id="directives" name="Directives"> <directive name="set_real_ip_from"> <syntax> <value>address</value> | <value>CIDR</value> | <literal>unix:</literal></syntax> <default/> <context>http</context> <context>server</context> <context>location</context> <para> Defines trusted addresses that are known to send correct replacement addresses. If the special value <literal>unix:</literal> is specified, all UNIX-domain sockets will be trusted. <note> IPv6 addresses are supported starting from versions 1.3.0 and 1.2.1. </note> </para> </directive> <directive name="real_ip_header"> <syntax> <value>field</value> | <literal>X-Real-IP</literal> | <literal>X-Forwarded-For</literal></syntax> <default>X-Real-IP</default> <context>http</context> <context>server</context> <context>location</context> <para> Defines a request header field used to send the address for a replacement. </para> </directive> <directive name="real_ip_recursive"> <syntax><literal>on</literal> | <literal>off</literal></syntax> <default>off</default> <context>http</context> <context>server</context> <context>location</context> <appeared-in>1.3.0</appeared-in> <appeared-in>1.2.1</appeared-in> <para> If recursive search is disabled, an original client address that matches one of the trusted addresses is replaced by the last address sent in the request header field defined by the <link id="real_ip_header"/> directive. If recursive search is enabled, an original client address that matches one of the trusted addresses is replaced by the last non-trusted address sent in the request header field. </para> </directive> </section> </module>