Mercurial > hg > nginx-site

view xml/en/docs/http/ngx_http_realip_module.xml @ 966:95c3c3bbf1ce

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Text review.
author Egor Nikitin <yegor.nikitin@gmail.com>
date Wed, 14 Aug 2013 12:03:41 +0400
parents bff4179d3599
children eeb690d4212b
line wrap: on
line source

<?xml version="1.0"?>

<!--
  Copyright (C) Igor Sysoev
  Copyright (C) Nginx, Inc.
  -->

<!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">

<module name="Module ngx_http_realip_module"
        link="/en/docs/http/ngx_http_realip_module.html"
        lang="en"
        rev="1">

<section id="summary">

<para>
The <literal>ngx_http_realip_module</literal> module is used
to change the client address to the one sent in the specified header field.
</para>

<para>
This module is not built by default, it should be enabled with the
<literal>--with-http_realip_module</literal>
configuration parameter.
</para>

</section>


<section id="example" name="Example Configuration">

<para>
<example>
set_real_ip_from  192.168.1.0/24;
set_real_ip_from  192.168.2.1;
set_real_ip_from  2001:0db8::/32;
real_ip_header    X-Forwarded-For;
real_ip_recursive on;
</example>
</para>

</section>


<section id="directives" name="Directives">

<directive name="set_real_ip_from">
<syntax>
    <value>address</value> |
    <value>CIDR</value> |
    <literal>unix:</literal></syntax>
<default/>
<context>http</context>
<context>server</context>
<context>location</context>

<para>
Defines trusted addresses that are known to send correct
replacement addresses.
If the special value <literal>unix:</literal> is specified,
all UNIX-domain sockets will be trusted.
<note>
IPv6 addresses are supported starting from versions 1.3.0 and 1.2.1.
</note>
</para>

</directive>


<directive name="real_ip_header">
<syntax>
    <value>field</value> |
    <literal>X-Real-IP</literal> |
    <literal>X-Forwarded-For</literal></syntax>
<default>X-Real-IP</default>
<context>http</context>
<context>server</context>
<context>location</context>

<para>
Defines a request header field used to send
the address for a replacement.
</para>

</directive>


<directive name="real_ip_recursive">
<syntax><literal>on</literal> | <literal>off</literal></syntax>
<default>off</default>
<context>http</context>
<context>server</context>
<context>location</context>
<appeared-in>1.3.0</appeared-in>
<appeared-in>1.2.1</appeared-in>

<para>
If recursive search is disabled, the original client address that
matches one of the trusted addresses is replaced by the last
address sent in the request header field defined by the
<link id="real_ip_header"/> directive.
If recursive search is enabled, the original client address that
matches one of the trusted addresses is replaced by the last
non-trusted address sent in the request header field.
</para>

</directive>

</section>

</module>