geoip_proxy
The `geoip_proxy` directive is used to configure the GeoIP module to determine the geographical location of IP addresses based on the proxy protocol.
Description
The geoip_proxy directive establishes a way for NGINX to utilize the proxy protocol to obtain the original IP address of clients, allowing for improved accuracy in geographical identification via GeoIP databases. This is particularly useful in environments where requests are forwarded from one proxy server to another, as the addressing in the request may not accurately reflect the client's actual geographic location. When configured, NGINX will read the client’s original IP address from the specified header instead of directly from the client connection.
This directive accepts a single argument that specifies the name of the header to look for, which typically contains the client's original address (e.g., X-Real-IP). When using this directive, it is crucial to ensure that the upstream proxies properly populate the identified header with valid IPs for accurate GeoIP lookups. Failure to configure this correctly can lead to incorrect geographical data being recorded during logging or access control.
The execution of the directive occurs within the HTTP context, which allows it to be globally applicable across server blocks or within specific location blocks. Proper evaluation of headers is performed on incoming requests, making it essential to maintain consistent configurations across any intermediate proxies in deployment.
Config Example
http {
geoip_proxy X-Forwarded-For;
}Ensure that your upstream proxy includes the correct headers, or NGINX may read incorrect IP addresses.
Misconfiguration can lead to security vulnerabilities, as improper IP handling might expose your application to spoofing attacks.
This directive is only valid if the GeoIP module is compiled and enabled in NGINX.