geoip2_proxy
The geoip2_proxy directive in the NGINX GeoIP2 module defines trusted addresses. When a request originates from a trusted address, the module uses the client address from the X-Forwarded-For header instead of the direct client IP. This is useful when NGINX is behind a proxy or load balancer that forwards client IPs.
Syntax
geoip2_proxy <cidr>;
Example
load_module modules/ngx_http_geoip2_module.so;
http {
geoip2 /etc/maxmind-country.mmdb {
$geoip2_data_country_code default=US source=$remote_addr country iso_code;
}
geoip2_proxy 192.168.1.0/24;
server {
listen 80;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Use the GeoIP2 data
add_header X-Country-Code $geoip2_data_country_code;
}
}
}
In this example, requests from the 192.168.1.0/24 range are considered trusted. The X-Forwarded-For header is used to determine the client's IP address for GeoIP2 lookups.