Skip to content

Commit 583e672

Browse files
authored
Merge pull request #190 from annkots/master
TCR-885: adding note about this settings: real_ip_recursive
2 parents 68dae0c + a7ae142 commit 583e672

1 file changed

Lines changed: 12 additions & 0 deletions

File tree

docs/features/README.md

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -565,6 +565,18 @@ If you are using cPanel/EasyApache3, Imunify360 will not automatically deploy _m
565565
:::
566566
:::tip Note
567567
For cPanel/EasyApache 4, Plesk, DirectAdmin and LiteSpeed _mod_remoteip_ will be automatically installed and configured.
568+
:::
569+
570+
:::tip Note
571+
When using Nginx with multiple proxy layers (e.g., a CDN in front of WebShield), you may need to enable the `real_ip_recursive` directive so that Nginx correctly identifies the real client IP by walking the full `X-Forwarded-For` chain:
572+
573+
```
574+
real_ip_header X-Forwarded-For;
575+
set_real_ip_from ;
576+
real_ip_recursive on;
577+
```
578+
579+
Without `real_ip_recursive on`, Nginx uses the last IP in the `X-Forwarded-For` header as the real client IP, which may still be a CDN or intermediate proxy address. With it enabled, Nginx skips all IPs matching `set_real_ip_from` entries and returns the first non-trusted IP — the actual visitor's IP.
568580
:::
569581

570582
#### Supported CDN providers:

0 commit comments

Comments
 (0)