Mercurial > hg > nginx-site
view xml/cn/docs/http/ngx_http_realip_module.xml @ 855:197e15f72b6d
nginx-1.3.14
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 05 Mar 2013 18:47:16 +0400 |
parents | ceb8a4e374b7 |
children |
line wrap: on
line source
<?xml version="1.0"?> <!-- Copyright (C) Igor Sysoev Copyright (C) Nginx, Inc. --> <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> <module name="Module ngx_http_realip_module" link="/en/docs/http/ngx_http_realip_module.html" lang="en" rev="1"> <section id="summary"> <para> The <literal>ngx_http_realip_module</literal> module allows to change the client address to the one sent in the specified header field. </para> <para> This module is not built by default, it should be enabled with the <literal>--with-http_realip_module</literal> configuration parameter. </para> </section> <section id="example" name="Example Configuration"> <para> <example> set_real_ip_from 192.168.1.0/24; set_real_ip_from 192.168.2.1; set_real_ip_from 2001:0db8::/32; real_ip_header X-Forwarded-For; real_ip_recursive on; </example> </para> </section> <section id="directives" name="Directives"> <directive name="set_real_ip_from"> <syntax> <value>address</value> | <value>CIDR</value> | <literal>unix:</literal></syntax> <default/> <context>http</context> <context>server</context> <context>location</context> <para> Defines trusted addresses that are known to send correct replacement addresses. If the special value <literal>unix:</literal> is specified, all UNIX-domain sockets will be trusted. <note> IPv6 addresses are supported starting from versions 1.3.0 and 1.2.1. </note> </para> </directive> <directive name="real_ip_header"> <syntax> <value>field</value> | <literal>X-Real-IP</literal> | <literal>X-Forwarded-For</literal></syntax> <default>X-Real-IP</default> <context>http</context> <context>server</context> <context>location</context> <para> Defines a request header field used to send the address for a replacement. </para> </directive> <directive name="real_ip_recursive"> <syntax><literal>on</literal> | <literal>off</literal></syntax> <default>off</default> <context>http</context> <context>server</context> <context>location</context> <appeared-in>1.3.0</appeared-in> <appeared-in>1.2.1</appeared-in> <para> If recursive search is disabled, an original client address that matches one of the trusted addresses is replaced by the last address sent in the request header field defined by the <link id="real_ip_header"/> directive. If recursive search is enabled, an original client address that matches one of the trusted addresses is replaced by the last non-trusted address sent in the request header field. </para> </directive> </section> </module>