Variable Reference

$remote_addr

The $remote_addr variable holds the IP address of the client making the request to the NGINX server. — NGINX Core (HTTP)

$remote_addr NGINX Core (HTTP)

Description

The $remote_addr variable is populated by NGINX when a client makes a request to the server. It obtains the client's IP address directly from the request's socket information, specifically from the `struct sockaddr` associated with the connection. This variable is essential for access control and logging scenarios, where knowing the originating IP of requests can dictate the response behavior or record the source for auditing. If the NGINX server is behind a reverse proxy or load balancer, the $remote_addr may need to be supplemented by other variables like $http_x_forwarded_for to accurately reflect the client’s original IP address. In a standard configuration, the value will typically be an IPv4 or IPv6 address, represented in standard dotted-decimal or colon-separated formats, respectively. When using this variable in an access control setup (such as with the allow/deny directives), the server can make real-time decisions based on client IPs, enhancing security by permitting or blocking access to specific IPs. The versatile nature of this variable makes it a foundational element in both security and analytics configuration within NGINX.

Config Example

location / {
    deny 192.168.1.0/24;
    allow all;
    access_log /var/log/nginx/access.log combined;
}

Subsystem

http

Cacheable

Yes

Contexts

http, server, location, if

If NGINX is behind a load balancer or reverse proxy, $remote_addr may not reflect the actual client IP unless configured correctly with proxy headers.

Care should be taken to configure trusted proxies in the 'set_real_ip_from' to mitigate spoofing of IP addresses when using reverse proxies.

Related Variables

$http_x_forwarded_for$http_realip_remote_addr$remote_port