geoip2_proxy
The `geoip2_proxy` directive specifies the source IP address to use for GeoIP lookup based on a proxy's IP header.
Description
The geoip2_proxy directive allows the user to configure NGINX to read the IP address of a client that has been forwarded by a proxy or load balancer. This is particularly useful in setups where requests are handled by a proxy server, which uses specific headers (like X-Forwarded-For) to pass the original client's IP address to the backend server. The directive expects one argument, which should point to the header that carries the IP information, enabling NGINX to accurately resolve geographical information from the GeoIP2 database based on the client's original IP.
This directive works in conjunction with the GeoIP2 module, which creates variables for country and city data derived from the MaxMind geo databases. By configuring geoip2_proxy, you ensure that requests are being correctly analyzed based on the client's real IP, rather than the proxy's IP. If not set, NGINX will typically analyze the proxied request using its immediate IP, which could result in incorrect geolocation data for users behind proxies.
Config Example
http {
geoip2 /etc/maxmind-country.mmdb {
geoip2_proxy $http_x_forwarded_for;
$geoip2_data_country_code default=US source=$remote_addr country iso_code;
}
}Ensure that the proxy properly sets the specified header; otherwise, geolocation may fail or return incorrect results.
Check that both IPv4 and IPv6 addressing formats are handled correctly, as improper configurations can lead to unexpected results.
Reconfigure NGINX to ignore certain internal headers to prevent exposure from potential spoofing. If not correctly set, malicious users could pass in an arbitrary X-Forwarded-For header.