Nginx ngx_http_realip_module模块基本指令整理

  categories:nginx  author:

原创文章,转载请指明出处并保留原文url地址

本文主要针对nginx的ngx_http_realip_module模块做简单介绍,本文具体包括如下指令:set_real_ip_from,real_ip_header,real_ip_recursive

这个模块允许修改客户端发送来的请求头中制定字段的值。

这个模块不是默认的内建模块, 需要采用–with-http_realip_module指令使能这个模块

Nginx原文:

The ngx_http_realip_module module allows to change the client address to the one sent in the specified header field.

This module is not built by default, it should be enabled with the –with-http_realip_module configuration parameter.

配置实例:

    set_real_ip_from  192.168.1.0/24;

    set_real_ip_from  192.168.2.1;

    set_real_ip_from  2001:0db8::/32;

    real_ip_header    X-Forwarded-For;

    real_ip_recursive on;

1. set_real_ip_from

syntax:

set_real_ip_from    address| CIDR | unix:;

default:

context:

http, server, location

定义来源于那些ip地址的请求是可以被信任的, 这些地址将被用来做地址的替代地址。如果指定unix参数,则全部unix域下的全部sockets都被信任。

IPv6的地址由版本1.3.0和1.2.1开始被支持。

Nginx原文:

Defines trusted addresses that are known to send correct replacement addresses. If the special value unix: is specified, all UNIX-domain sockets will be trusted.

    IPv6 addresses are supported starting from versions 1.3.0 and 1.2.1.

2. real_ip_header

syntax:

real_ip_header   field| X-Real-IP | X-Forwarded-For;

default:

real_ip_header X-Real-IP;

context:

http, server, location

定义一个用于发送置换地址的请求标头字段。

Nginx原文:

Defines a request header field used to send the address for a replacement.

3. real_ip_recursive

syntax:

real_ip_recursive        on | off;

default:

real_ip_recursive off;

context:

http, server, location

本指令出现在1.30和1.2.1版本中

This directive appeared in versions 1.3.0 and 1.2.1.

(信任关系是否被传递)如果递归功能被禁止,则在real_ip_header指令设置的请求头中,最后的一个匹配的信任地址被作为信任的地址。如果递归功能被开启, 否则在real_ip_header指令设置的请求头中,最后的一个匹配的非信任地址被作为信任的地址。

Nginx原文:

If recursive search is disabled, the original client address that matches one of the trusted addresses is replaced by the last address sent in the request header field defined by the real_ip_header directive. If recursive search is enabled, the original client address that matches one of the trusted addresses is replaced by the last non-trusted address sent in the request header field. 



快乐成长 每天进步一点点      京ICP备18032580号-1