Nginx ngx_http_realip_module when enabled breaks trusted reverse proxy

| Q                | A
| ---------------- | -----
| Bug report?      | yes
| Symfony version  | all

`Request::isFromTrustedProxy` relies on `REMOTE_ADDR` header to check against trusted proxies. Nginx replaces the header with the actual client ip when `ngx_http_realip_module` is enabled. 

I think it should be documented to not use this nginx module for now.

Workaround 

```
# proxied nginx config

map $http_x_forwarded_host $X_REMOTE_ADDR {
   # no available trusted variable holding the proxy ip. 
  ~.+ <proxy server ip>;
  default $remote_addr;
}

set_real_ip_from <proxy server ip>;
real_ip_header X-Forwarded-For;
real_ip_recursive on;

server {
#...
  location @php {
     fastcgi_param REMOTE_ADDR $X_REMOTE_ADDR;
  }
#...
}
```



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Nginx ngx_http_realip_module when enabled breaks trusted reverse proxy #26006

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Nginx ngx_http_realip_module when enabled breaks trusted reverse proxy #26006

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions