Created
May 7, 2016 18:27
-
-
Save jpoehnelt/2b0958067d93ffe707dd5a63640c3a2f to your computer and use it in GitHub Desktop.
Fix for Cloudfront Proxy NGINX
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Look for client IP in the X-Forwarded-For header | |
real_ip_header X-Forwarded-For; | |
# Ignore trusted IPs | |
real_ip_recursive on; | |
# Set VPC subnet as trusted | |
set_real_ip_from 10.0.0.0/16; | |
# Set CloudFront subnets as trusted | |
set_real_ip_from 52.84.0.0/15; | |
set_real_ip_from 52.182.0.0/16; | |
set_real_ip_from 54.192.0.0/16; | |
set_real_ip_from 54.230.0.0/16; | |
set_real_ip_from 54.239.128.0/18; | |
set_real_ip_from 54.239.192.0/19; | |
set_real_ip_from 54.240.128.0/18; | |
set_real_ip_from 204.246.164.0/22; | |
set_real_ip_from 204.246.168.0/22; | |
set_real_ip_from 204.246.174.0/23; | |
set_real_ip_from 204.246.176.0/20; | |
set_real_ip_from 205.251.192.0/19; | |
set_real_ip_from 205.251.249.0/24; | |
set_real_ip_from 205.251.250.0/23; | |
set_real_ip_from 205.251.252.0/23; | |
set_real_ip_from 205.251.254.0/24; | |
set_real_ip_from 216.137.32.0/19; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment