讓您全面了解并上手億速云產(chǎn)品
常見(jiàn)入門(mén)級使用教程
對外 API 開(kāi)發(fā)文檔中心
您歷史提交的工單
您的每一條意見(jiàn),我們都嚴謹處理
您的每一條建議,我們都認真對待
億速云高防產(chǎn)品使用proxy protocol(簡(jiǎn)稱(chēng)PP協(xié)議)來(lái)傳遞用戶(hù)真實(shí)IP。當前高防IP使用的為proxy_protocol 的V1版本。
設置proxy protocol 開(kāi)啟。
HTTP協(xié)議如何通過(guò)非網(wǎng)站防護 獲取客戶(hù)端真實(shí)IP?
以Nginx為例:
// 如果您的源服務(wù)器nginx為直接的源,不再反向代理到其他的上游,則$proxy_protocol_addr變量即為真實(shí)用戶(hù)的IP??赏ㄟ^(guò)修改Nginx日志格式,在access.log日志查看。也可直接打印請求頭。參考下圖1
server {
listen 8443 proxy_protocol("**請在您的源服務(wù)器的端口處添加 'proxy_protocol' ");
....(其他配置省略)
}
//如您的源服務(wù)器Nginx轉發(fā)請求到其他上游
server {
listen 8443 proxy_protocol("請在您的源服務(wù)器的端口處添加 'proxy_protocol' ");
proxy_set_header X-PP-RealIp $proxy_protocol_addr;//您可通過(guò)該語(yǔ)法,將用戶(hù)真實(shí)IP,定義為任意字段(本例為X-PP-RealIp),轉發(fā)給上游,結果請見(jiàn)圖2
location / {
proxy_pass http://backend.example2.com:8088;
......(省略配置)
}
}
圖1
圖2
TCP服務(wù)如何獲取用戶(hù)的真實(shí)IP
<?php
//創(chuàng )建Server對象,監聽(tīng) 127.0.0.1:9501 端口
$server = new Swoole\Server("0.0.0.0", 8082);
//監聽(tīng)連接進(jìn)入事件
$server->on("Connect", function ($server, $fd) {
echo "Client: Connect.\n";
});
//監聽(tīng)數據接收事件
$server->on("Receive", function ($server, $fd, $from_id, $data) {
$fd_info = $server->getClientInfo($fd);
//var_dump($fd_info);
var_dump($data);
$is_proxy = substr($data,0,5);
if($is_proxy == "PROXY"){
$proxy_arr = explode(" ",$data);
echo "真實(shí)ip:".$proxy_arr[2]."\n";
echo "高防ip:".$proxy_arr[3]."\n";
}
$server->send($fd, "Server: " . $data);
});
//監聽(tīng)連接關(guān)閉事件
$server->on("Close", function ($server, $fd) {
echo "Client: Close.\n";
});
//啟動(dòng)服務(wù)器
$server->start();
?>
npm proxy-protocol-js
。
var net = require('net');
const proxyProtocol = require('proxy-protocol-js');
const PORT = 18001;
const HOST = '0.0.0.0'
var clientHandler = function(socket){
//客戶(hù)端發(fā)送數據的時(shí)候觸發(fā)data事件
socket.on('data', function dataHandler(data) {//data是客戶(hù)端發(fā)送給服務(wù)器的數據
var is_proxy = data.toString().substring(0,5);
if(is_proxy == "PROXY"){
const proto = proxyProtocol.V1ProxyProtocol.parse(data.toString());
console.log(proto);
}else{
console.log(socket.remoteAddress, socket.remotePort, 'send', data.toString());
}
//服務(wù)器向客戶(hù)端發(fā)送消息
socket.write('server received\n');
});
//當對方的連接斷開(kāi)以后的事件
socket.on('close', function(){
console.log(socket.remoteAddress, socket.remotePort, 'disconnected');
})
};
//創(chuàng )建TCP服務(wù)器的實(shí)例
//傳入的參數是:監聽(tīng)函數clientHandler
var app = net.createServer(clientHandler);
app.listen(PORT, HOST);
console.log('tcp server running on tcp://', HOST, ':', PORT);
http{
...
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Forwarded-For;
}
安裝wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz
tar -xzvf mod_rpaf-0.6.tar.gz
cd mod_rpaf-0.6/
/usr/local/apache/bin/apxs -i -c -n mod_rpaf-2.0.slo mod_rpaf-2.0.c
vi /usr/local/apache/conf/httpd.conf
Include conf/extra/httpd-rpaf.conf
vi /usr/local/apache/conf/extra/httpd-rpaf.conf
LoadModule rpaf_module modules/mod_rpaf-2.0.so
RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1 10.8.0.110 # 代理服務(wù)器的ip地址(記得做相應修改)
RPAFheader X-Forwarded-For
wget https://github.com/ttkzw/mod_remoteip-httpd22/raw/master/mod_remoteip.c
/usr/local/apache/bin/apxs -i -c -n mod_remoteip.so mod_remoteip.c
vi /usr/local/apache/conf/httpd.conf
Include conf/extra/httpd-remoteip.conf
vi /usr/local/apache/conf/extra/httpd-remoteip.conf
LoadModule remoteip_module modules/mod_remoteip.so
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 127.0.0.1