In the blog post Forwarding Real-IP Nginx, it mentions that the
set_real_ip_from can either be set to
or the address of the load balancer, eg:
set_real_ip_from 22.214.171.124;, for security.
We have multiple clusters, each with a different load balancer, however, the configuration is shared. This makes it difficult to set the specific IP address for each cluster. Is it possible to limit this IP to just internal IP addresses, eg.
How secure would this be? It doesn’t allow any IP, but it is not very specific either.
What security risks are there?