Mercurial > hg > nginx-site

view xml/en/docs/http/ngx_http_realip_module.xml @ 580:be54c443235a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Added copyright markers to documentation sources.
author Ruslan Ermilov <ru@nginx.com>
date Tue, 10 Jul 2012 12:59:42 +0000
parents a8daad8e83bb
children 764fbac1b8b4
line wrap: on
line source

<?xml version="1.0"?>

<!--
  Copyright (C) Igor Sysoev
  Copyright (C) Nginx, Inc.
  -->

<!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">

<module name="Module ngx_http_realip_module"
        link="/en/docs/http/ngx_http_realip_module.html"
        lang="en">

<section id="summary">

<para>
The <literal>ngx_http_realip_module</literal> module allows
to change the client address to the one sent in the specified header field.
</para>

<para>
This module is not built by default, it should be enabled with the
<literal>--with-http_realip_module</literal>
configuration parameter.
</para>

</section>


<section id="example" name="Example Configuration">

<para>
<example>
set_real_ip_from  192.168.1.0/24;
set_real_ip_from  192.168.2.1;
set_real_ip_from  2001:0db8::/32;
real_ip_header    X-Forwarded-For;
real_ip_recursive on;
</example>
</para>

</section>


<section id="directives" name="Directives">

<directive name="set_real_ip_from">
<syntax>
    <value>address</value> |
    <value>CIDR</value> |
    <literal>unix:</literal></syntax>
<default/>
<context>http</context>
<context>server</context>
<context>location</context>

<para>
Defines trusted addresses that are known to send correct
replacement addresses.
If the special value <literal>unix:</literal> is specified,
all UNIX-domain sockets will be trusted.
<note>
IPv6 addresses are supported starting from versions 1.3.0 and 1.2.1.
</note>
</para>

</directive>


<directive name="real_ip_header">
<syntax>
    <value>field</value> |
    <literal>X-Real-IP</literal> |
    <literal>X-Forwarded-For</literal></syntax>
<default>X-Real-IP</default>
<context>http</context>
<context>server</context>
<context>location</context>

<para>
Defines a request header field used to send
the address for a replacement.
</para>

</directive>


<directive name="real_ip_recursive">
<syntax><literal>on</literal> | <literal>off</literal></syntax>
<default>off</default>
<context>http</context>
<context>server</context>
<context>location</context>
<appeared-in>1.3.0</appeared-in>
<appeared-in>1.2.1</appeared-in>

<para>
If recursive search is disabled, an original client address that
matches one of the trusted addresses is replaced by the last
address sent in the request header field defined by the
<link id="real_ip_header"/> directive.
If recursive search is enabled, an original client address that
matches one of the trusted addresses is replaced by the last
non-trusted address sent in the request header field.
</para>

</directive>

</section>

</module>