You were just told the best way to get a meaningful $binary_remote_addr variable using CloudFlare, with the added bonus of a list of network ranges to use with set_real_ip_from to only filter out CloudFlare's IP addresses as sources to be repalced and avoid false positives.
Using the $binary_remote_addr variable takes less space inside your fixed-sized zone, thus allowing to store more entries. I suggest you carefully read on the impacts of filling-up the zone memory and why using as little data per client is highly advised in limit_req_zone <http://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_zone> directive docs as you do not seem to know what you are doing... --- *B. R.* On Tue, Sep 13, 2016 at 3:08 PM, c0nw0nk <nginx-fo...@forum.nginx.org> wrote: > Reinis Rozitis Wrote: > ------------------------------------------------------- > > > But that book says it is to reduce the memory footprint ? > > > > Correct, but that is for that specific varible. > > > > You can't take $http_cf_connecting_ip which is a HTTP header comming > > from > > Cloudflare and prepend $binary_ just to "lower memory footprint". > > There is no such functionality. > > > > > > What you might do is still use $binary_remote_addr but in combination > > with > > RealIP module ( > > http://nginx.org/en/docs/http/ngx_http_realip_module.html ): > > > > real_ip_header CF-Connecting-IP; > > > > Detailed guide from Cloudflare: > > ( > > https://support.cloudflare.com/hc/en-us/articles/200170706-How-do-I-re > > store-original-visitor-IP-with-Nginx- > > ) > > > > > > Theoretically it should work but to be sure you would need to test it > > or ask > > a nginx dev for confirmation if the realip module takes precedence and > > > > updates also the ip binary variable before the limit_req module. > > > > rr > > > > _______________________________________________ > > nginx mailing list > > nginx@nginx.org > > http://mailman.nginx.org/mailman/listinfo/nginx > > > Thanks for the info :) For now I will just stick with what I know is > currently working either way I believe the stored key in memory won't be > compressed due to being behind cloudflare's reverse proxy as you said only > $binary_remote_addr is compressing their IP to reduce memory footprint. > > Here is my config for anyone who wants to test or play around same as in > original email. > > map $http_cf_connecting_ip $client_ip_from_cf { > default $http_cf_connecting_ip; > } > > limit_req_zone $client_ip_from_cf zone=one:10m rate=30r/m; > limit_conn_zone $client_ip_from_cf zone=addr:10m; > > location ~ \.mp4$ { > limit_conn addr 10; #Limit open connections from same ip > limit_req zone=one; #Limit max number of requests from same ip > > mp4; > limit_rate_after 1m; #Limit download rate > limit_rate 1m; #Limit download rate > root '//172.168.0.1/StorageServ1/server/networkflare/public_www'; > expires max; > valid_referers none blocked networkflare.com *.networkflare.com; > if ($invalid_referer) { > return 403; > } > } > > Posted at Nginx Forum: https://forum.nginx.org/read. > php?2,269502,269521#msg-269521 > > _______________________________________________ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx >
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
