I have an external load balancer (aws ELB) directing traffic to my discourse server. I have verified the
X-Forwarded-For headers are being sent, but for some reason all the user ips show up as the load balancer ip?
Is this a bug or is there some setting I am missing?
I know @mpalmer knows a lot about this. Any advice, Matt?
I’d say you’re missing the nginx setting to “trust” the IP address that is making the connection, so the XFF header is ignored. The setting name is
set_real_ip_from; grovel around in your nginx config(s) to see what (if anything) it’s currently set to, and season to taste.
Thanks, found the solution here: Amazon Elastic Load Balancer and Forwarding Real-IP Nginx
basically, add the following to the http section in nginx.conf
Oh sweet jeebers, don’t do that. It’ll allow anyone who can manage to get a HTTP connection into your servers to spoof their IP address, which will only lead to trouble. Set it to the IP range of your VPC, instead.
oh ya, I know that much, I just didnt want to post my range to the public
Sure, but will everyone else who finds this topic and copies your example know that?
Well, they’ll surely scroll down and see your reply just under it, though? I suspect yes.
That’s why I made my reply.