How to find the "CDN" real IP address)

Many websites now use cdn technology. It is difficult to obtain the real IP address of their servers during some tests. I don't know what other good methods are available now, the following two types are available:

1: Use the CDN server to find the real IP address cache_peer 1.1.1.1 parent 80 0 no-query originserver cache_peer_domain 1.1.1.1 www.c2sec.com

2: Check whether HTTP_X_FORWARDED_FOR is empty. If it is not empty, use this as the IP address; otherwise, obtain REMOTE_ADDR as the IP address. If the server can upload files, add the following code to upload the files: Request. serverVariables ("LOCAL_ADDR") 'gets the Server IP address Request. serverVariables ("REMOTE_ADDR") 'to obtain the Client IP Address/this may be a proxy

Request. ServerVariables ("HTTP_X_FORWARDED_FOR") 'to obtain the real IP address of the request Client

3: Check the second-level domain name.

You can refer to the only_guest method to find a foreign server to ping. Generally, the obtained result is a real IP address.

After Baidu came out, it felt so bad.

Continue searching

First, CDN, Server Load balancer, and reverse proxy are divided into multiple layers. Sometimes the outermost CDN server group is found, and the real machines are not open to the outside, similar to the following:

Author: nuclear'atk

User → CDN → one or more real machines

CDN Server 1 user → CDN Server 2 → real machine CDN Server N

--------------------------------------------------------

User → CDN network → one or more reverse proxies → one or more real machines

CDN Server 1 user → CDN Server 2 → Reverse Proxy Server → real machine CDN Server N

Depending on the load requirements of the network, the number of CDN servers and the number of layers are not certain.

If this is the case, the real IP address can be found only when a CDN server reads the record on a daily basis or enters the CDN supplier control system or backend on a daily basis. However, the configurations of those CDN servers are the same and it should be difficult to do so.

(These CDN servers not only act as proxies for this website, but now they all act as proxies for many websites at the same time. This can explain that many irrelevant websites are located at the same IP address, this is a cost-saving solution for CDN server providers. a cdn agent acts on multiple websites at the same time, and the CDN supplier determines how many CDN servers are used based on the amount you pay .)

(These CDN servers are generally used in anti-DDoS pro equipment rooms with a large bandwidth, and most CDN operators also have cloud firewall technology. What is cloud firewall? That is, after any server detects a DDOS attack, it will notify all servers of the source IP addresses of the attack, and all these servers will block these IP addresses at the same time to shield the entire network from DDOS attacks, these servers constitute a powerful anti-DDOS network, which is one of the most effective solutions to combat DDOS attacks .)

(I would like to add some experience. These CDN servers also return different system information based on the HTTP HOST Header (that is, the domain name) You submitted. What's more, as long as the http host header is incorrect (not the domain name it provides services), you can directly disconnect the connection without returning any data, and you will not get any valid information, if you use "Changan assassin-bypass killer v1.2 + CDN Terminator v1.1", You need to select a special mode on the CDN Terminator interface and then explore the network architecture, sometimes there are surprises ......)

There is another type:

User → multiple real-time synchronous cache servers and machines

Cache Server 1 user → Cache Server 2 Cache Server N real machine

If this is the case, it is easy to find out the IP address of the Real Server, because their HTTP Banner and other information are completely different, with "Changan assassin-bypass killer" at a glance.

There are also several other network architectures such as CDN, Server Load balancer, and reverse proxy:

User → Server Load balancer → server group

Cache Server 1 user → Load Balance → Cache Server 2 Cache Server N

--------------------------------------------------------------

User → reverse proxy server → one or more real machines

Real machine 1 user → Reverse Proxy Server → real machine 2 real machine N

Combined with the methods provided by xxbing:

For how to detect the real IP address of the main station, I usually first check the IP address of the sub-station. In one case, the main station uses CDN, and the sub-station does not use it.

For example, if bbs.xxx.com, vip.xxx.com, and pay.xxx.com are all in the 111.111.111.x segment, the main site may also be in the 111.111.111.x segment. Scan 80 of this segment.

This is indeed a good method. It is very practical for large Chinese sites to divide corn. However, many foreign sites are pinged by domain names and the master site is an IP address.

You can run a two-level domain name. What are blog.xxx.com, admin.xxx.com, and root.xxx.com. There are no more than four English characters ..