We have webserver setup as follows
Loadbalancer (HAPROXY) <---> Nginx <---> App servers
To make Nginx aware of real clients that are making connections , I compiled Nginx with HttpRealIpModule and did the configuration changes. HAPROXY is also configured to forward XFF header. Nginx is getting right at least partially( my observation) if the client is browsing with pubic IP address. In case of clients which has private IP and behind another client side proxy like SQUID, I am getting the private IP of a client rather than the PUBLIC IP from which the private IP is being NATTED. According to Nginx Module documentation[ http://wiki.nginx.org/HttpRealIpModule ], HttpRealIpModule should be getting last ip in the X-Forwarded-For header for replacement. Here's the NGREP dump for a client with private IP behind squid proxy
T 192.168.255.1:53777 -> 192.168.153.164:80 [AP]
.1315664739.21; __utmb=82961925.3.10.1315664739; __utmc=82961925; __utmz=82961925.1315664739.21.21.utmcsr=domainname.com|utmccn= (referral)|utmcmd=referral|utmcct=/users/sign_in; SnapABugHistory=206
#..If-None-Match: "cc1ff315751caad21aea3dfd5392a56a"..Via: 1.1 atmosphere.sprout.lan:3128 (squid/2.7.STABLE9)..X-Forwarded-For: 192.168.3.111..Cache-Control: max-age=259200..X-Forwarded-For: 116.90.235.11....
XFF header here is atmosphere.sprout.lan:3128 (squid/2.7.STABLE9)..X-Forwarded-For: 192.168.3.111..Cache-Control: max-age=259200..X-Forwarded-For: 116.90.235.11.
The last ip seen here in the header is 116.90.235.11 yet the log file of nginx shows the client's private ip 192.168.2.111
is this normal ??
This can happen due to a number of things. Nginx is in first place a proxy, therefore it will retain HTTP Headers. So if your HAproxy (or even if the user's LAN Proxy) already supplies a X-Forwarded-For, you have a pretty good chance it will be retained through all proxies (HAproxy -> nginx -> backend).