In the blog post Forwarding Real-IP Nginx, it mentions that the set_real_ip_from can either be set to
set_real_ip_from 0.0.0.0/0;
or the address of the load balancer, e.g.:
set_real_ip_from 1.2.3.4;
for security.
We have multiple clusters, each with a different load balancer; however, the configuration is shared. This makes it difficult to set the specific IP address for each cluster. Is it possible to limit this IP to just internal IP addresses, e.g.
set_real_ip_from 10.0.0.0/8;
How secure would this be? It doesn’t allow any IP, but it is not very specific either.
What security risks are there?
Thanks,
Steve
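
The trade-off asked about above, as an added example that is not part of the original post: a simplified Python model of how the nginx realip module chooses the client address, run against the three set_real_ip_from settings in the question. The helper name `resolve_client_ip`, the load balancer address 10.0.0.5 and all sample addresses are constructed for illustration.

```python
import ipaddress

def _in_any(addr, nets):
    return any(addr in n for n in nets)

def resolve_client_ip(peer, xff, trusted, recursive=False):
    """Simplified model of the realip decision (hypothetical helper).

    peer      -- address of the TCP connection (nginx's $remote_addr)
    xff       -- value of the header named by real_ip_header, or None
    trusted   -- list of set_real_ip_from entries
    recursive -- models real_ip_recursive on/off
    """
    nets = [ipaddress.ip_network(t) for t in trusted]
    if not xff or not _in_any(ipaddress.ip_address(peer), nets):
        return peer                    # sender not trusted: header is ignored
    try:
        hops = [ipaddress.ip_address(h.strip()) for h in xff.split(",")]
    except ValueError:
        return peer                    # unparsable header: keep the peer address
    if not recursive:
        return str(hops[-1])           # last address in the header
    for hop in reversed(hops):
        if not _in_any(hop, nets):
            return str(hop)            # last address that is not a trusted proxy
    return str(hops[0])                # every hop was trusted

LB = "10.0.0.5"                        # constructed load balancer address

def compare():
    """Resolve constructed requests under each policy from the question."""
    cases = {                          # name: (connecting peer, header value)
        "via_lb": (LB, "203.0.113.7"),
        "external_direct": ("198.51.100.9", "10.9.9.9"),
        "internal_direct": ("10.2.3.4", "203.0.113.99"),
    }
    policies = {
        "any": ["0.0.0.0/0"],
        "internal": ["10.0.0.0/8"],
        "lb_only": [LB],
    }
    return {(p, c): resolve_client_ip(peer, xff, nets)
            for p, nets in policies.items()
            for c, (peer, xff) in cases.items()}

if __name__ == "__main__":
    for key, ip in compare().items():
        print(key, "->", ip)
```

In this model, 10.0.0.0/8 makes nginx ignore the header from external peers, but any internal host that can connect to nginx directly is still believed; only the load-balancer-only setting ignores it.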