Mercurial > hg > nginx-site
diff xml/en/docs/http/ngx_http_realip_module.xml @ 518:65750bdde8fb
Documented recent changes.
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Tue, 15 May 2012 14:57:21 +0000 |
parents | 31e81dcc4ffd |
children | a8daad8e83bb |
line wrap: on
line diff
--- a/xml/en/docs/http/ngx_http_realip_module.xml +++ b/xml/en/docs/http/ngx_http_realip_module.xml @@ -26,9 +26,11 @@ configuration parameter. <para> <example> -set_real_ip_from 192.168.1.0/24; -set_real_ip_from 192.168.2.1; -real_ip_header X-Real-IP; +set_real_ip_from 192.168.1.0/24; +set_real_ip_from 192.168.2.1; +set_real_ip_from 2001:0db8::/32; +real_ip_header X-Forwarded-For; +real_ip_recursive on; </example> </para> @@ -48,10 +50,13 @@ real_ip_header X-Real-IP; <context>location</context> <para> -Describes trusted IPv4 addresses that are known to send correct +Defines trusted addresses that are known to send correct replacement addresses. If the special value <literal>unix:</literal> is specified, all UNIX-domain sockets will be trusted. +<note> +IPv6 addresses are supported starting from version 1.3.0. +</note> </para> </directive> @@ -70,9 +75,27 @@ all UNIX-domain sockets will be trusted. <para> Defines a request header field used to send the address for a replacement. -In case of the <header>X-Forwarded-For</header> field, -the last address in the field’s value is used. -For other fields the whole value is used. +</para> + +</directive> + + +<directive name="real_ip_recursive"> +<syntax><literal>on</literal> | <literal>off</literal></syntax> +<default>off</default> +<context>http</context> +<context>server</context> +<context>location</context> +<appeared-in>1.3.0</appeared-in> + +<para> +If recursive search is disabled, an original client address that +matches one of the trusted addresses is replaced by the last +address sent in the request header field defined by the +<link id="real_ip_header"/> directive. +If recursive search is enabled, an original client address that +matches one of the trusted addresses is replaced by the last +non-trusted address sent in the request header field. </para> </directive>