I have an external load balancer (aws ELB) directing traffic to my discourse server. I have verified the X-Forwarded-For headers are being sent, but for some reason all the user ips show up as the load balancer ip?
Is this a bug or is there some setting I am missing?
Iâd say youâre missing the nginx setting to âtrustâ the IP address that is making the connection, so the XFF header is ignored. The setting name is set_real_ip_from; grovel around in your nginx config(s) to see what (if anything) itâs currently set to, and season to taste.
Oh sweet jeebers, donât do that. Itâll allow anyone who can manage to get a HTTP connection into your servers to spoof their IP address, which will only lead to trouble. Set it to the IP range of your VPC, instead.