Shulou(Shulou.com)06/01 Report--

This article will explain in detail about nginx to achieve load CDN acceleration to get the real ip method, Xiaobian think it is quite practical, so share it for everyone to make a reference, I hope you can gain something after reading this article.

Nginx does load CDN acceleration to get real ip

Without cdn, when nginx does the load to obtain the real ip, nginx configuration is as follows:

Java code

proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

Then the backend server gets the ip code:

Java code

String address = request.getHeader("X-Forwarded-For"); if (address != null && address.length() > 0 && ! "unknown".equalsIgnoreCase(address)) { return address; } address = request.getHeader("Proxy-Client-IP"); if (address != null && address.length() > 0 && ! "unknown".equalsIgnoreCase(address)) { return address; } address = request.getHeader("WL-Proxy-Client-IP"); if (address != null && address.length() > 0 && ! "unknown".equalsIgnoreCase(address)) { return address; } return request.getRemoteAddr();

This way you can get the real IP, the server test:

Without cdn, get IP: 123.116.126.51(real IP of my current client machine)

After adding cdn, go to IP: 123.116.126.51, 202.108.251.166 (hosts point to ip of cdn)

i.e. client real IP, proxy IP, google IP,

X-Forwarded-For: abbreviated as XFF header, it represents the real IP of the client, that is, the HTTP requester. This item will only be added when passing through HTTP proxy or Load Balancer server.

The standard format is as follows:

X-Forwarded-For: client1, proxy1, proxy2

As can be seen from the standard format, there can be multiple X-Forwarded-For header information, separated by commas in the middle. The first item is the real client IP, and the rest is the IP address of the agent or Load Balancer that has passed through. After several items, several will appear.

When Nginx sets X-Forwarded-For equal to $proxy_add_x_forwarded_for, two things happen

1. If the X-Forwarded-For header is not set in the request from CDN (usually this kind of thing will not happen), and Nginx sets it to $proxy_add_x_forwarded_for, the X-Forwarded-For information should be the IP of CDN, because the client is CDN compared to Nginx Load Balancer, so that the backend web program can not get the IP of the real user when it dies.

2. X-Forwarded-For is set for CDN. If we set it again here and the value is $proxy_add_x_forwarded_for, then the content of X-Forwarded-For becomes "client IP, IP of CDN". If this is the case, then the backend program obtains the client IP through X-Forwarded-For, and the first item separated by commas can be taken.

This is a headache. If you only want to get the real IP of the client, you can only modify our backend code. If there are multiple IP addresses, then take the first IP address. This is not what I want,

So how can I change the real IP without changing it?

Nginx also has a $http_x_forwarded_for variable, which stores the X-Forwarded-For information in the request. If the program that gets X-Forwarded-For information on the backend is not compatible (not considering the case where X-Forwarded-For contains multiple IPs), it is best not to set X-Forwarded-For to $proxy_add_x_forwarded_for. Should be set to $http_x_forwarded_for or not set at all!

The above passage means that we do not add $proxy_add_x_forwarded_for, but this will not get the real IP without cdn. Is there a way to get both?

After several configurations, the following configurations were found:

Java code

proxy_set_header X-Forwarded-For $http_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

This configuration gets $http_x_forwarded_for the first time, or $proxy_add_x_forwarded_for if it doesn't exist.

This way, regardless of whether you are in a cdn environment or not, you can obtain a client IP.

(Note: Multi-tier agents not tested)

About "nginx load CDN acceleration method to get real ip" This article is shared here, I hope the above content can be of some help to everyone, so that you can learn more knowledge, if you think the article is good, please share it to let more people see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.