Re: RE: [IE] GeoIP Module for Blocking IP in http_x_forwarded_for

2018-01-17 Thread anish10dec
Thanks... We need the client IP on Server B as well for analytics.

I tried enabling the GeoIP module on Server A, which looks at the remote
address field, and it successfully blocks the request.
But the problem here is that it is even blocking the requests coming from
our internal private IP segment, such as 10.0.0.0/27, which is used for
monitoring.

Is there a way to declare a few private IPs or an IP range as trusted addresses
even though they fall under blocked countries?

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,278117,278165#msg-278165

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx


RE: [IE] GeoIP Module for Blocking IP in http_x_forwarded_for

2018-01-11 Thread Jason Whittington
If you control Frontend Server A I would suggest not using X-Forwarded-For for 
this purpose.  Can you have the front end server send a distinct header to 
server B?  X-Real-IP would be a good choice of header.  Then Server B could key 
off that header instead of XFF.

You might find this page interesting:

https://distinctplace.com/2014/04/23/story-behind-x-forwarded-for-and-x-real-ip-headers/

Jason


-----Original Message-----
From: nginx [mailto:nginx-boun...@nginx.org] On Behalf Of anish10dec
Sent: Thursday, January 11, 2018 6:17 AM
To: nginx@nginx.org
Subject: [IE] GeoIP Module for Blocking IP in http_x_forwarded_for

The GeoIP module is able to block requests on the basis of the remote address, 
which is the IP of the remote device or user, but not on the basis of the 
X-Forwarded-For IP if it has multiple IP addresses in it.

There is a Frontend Server (Server A) which receives the request and sends it 
to an Intermediate Server (Server B). We have the GeoIP module installed on the 
Intermediate Server, i.e. Server B.


Server B <--- Server A <--- User

When Server B receives the request from Server A, the remote address
(remote_addr) for Server B is the IP of Server A.
The device/user IP is in the http_x_forwarded_for field.
If http_x_forwarded_for has a single IP in it, the GeoIP module is able to block 
the IP on the basis of the blocking applied.

If http_x_forwarded_for has multiple IPs, i.e. the IP of the user as well as the 
IP of some proxy server or the IP of Server A, then it's not able to block the 
request.

Below is the configuration:

geoip_country /usr/share/GeoIP/GeoIP.dat;
# GeoIP module ignores remote_addr, considering it as trusted, and refers to
# X-Forwarded-For
geoip_proxy   IP_OF_ServerA;

map $geoip_country_code $allowed_country {
    default no;
    US      yes;
}

http_x_forwarded_for = { User IP of UK } - Request from this IP is getting blocked

http_x_forwarded_for = { User IP of UK , Proxy IP of US } - This request is not getting blocked

http_x_forwarded_for = { User IP of UK , IP of Server A } - This request is not getting blocked

It seems the nginx GeoIP module refers to the last IP in the http_x_forwarded_for 
field for applying the blocking method.

Is there a way to check for the first IP address in http_x_forwarded_for for 
blocking the request?

Please suggest.

Please refer to this for the solution in Apache: 
https://dev.maxmind.com/geoip/legacy/mod_geoip2/

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,278110,278110#msg-278110

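The setup discussed in this thread, written out as an added example (it is not taken from any of the messages above): GeoIP on a server behind one trusted front end, with geoip_proxy_recursive controlling which X-Forwarded-For entry is looked up, plus a geo allowlist for the 10.0.0.0/27 monitoring range. 192.0.2.10 is a placeholder for IP_OF_ServerA, the variable names $internal_monitor and $deny_request are made up for the example, and it assumes the monitoring hosts connect to this server directly.

```nginx
# http {} context of the server that runs the GeoIP check (added example).

geoip_country          /usr/share/GeoIP/GeoIP.dat;

# Trust only hops you operate. 192.0.2.10 is a placeholder for IP_OF_ServerA.
geoip_proxy            192.0.2.10;

# Off (the default): when the peer is a trusted proxy, the LAST address in
# X-Forwarded-For is looked up, even if that address is itself trusted.
# On: the list is searched from the right and the last address that is NOT
# covered by a geoip_proxy entry is looked up.
geoip_proxy_recursive  on;

# Monitoring range from the thread. geo matches on $remote_addr, the TCP peer,
# which a client cannot set through a header. Private addresses have no
# country in the GeoIP database, so they need an explicit exception.
geo $internal_monitor {
    default      0;
    10.0.0.0/27  1;
}

map $geoip_country_code $allowed_country {
    default  no;
    US       yes;
}

# Fail closed: deny unless the peer is internal or the country is allowed.
map "$internal_monitor:$allowed_country" $deny_request {
    default  1;
    1:no     0;
    1:yes    0;
    0:yes    0;
}

server {
    listen 80;

    if ($deny_request) {
        return 403;
    }

    # existing location blocks stay as they are
}
```

With geoip_proxy_recursive on, { UK user, Server A } resolves to the UK address, while { UK user, US proxy } still resolves to the US proxy because that proxy is not listed in geoip_proxy. The leftmost X-Forwarded-For entries are whatever the client or an unknown proxy sent, so they are not a reliable basis for blocking.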