Nginx performs load CDN acceleration to obtain the real ip address of the client

Source: Internet
Author: User
Tags nginx load balancing
Nginx performs load CDN acceleration to obtain the real ip address. when nginx does load to obtain the real ip address without using cdn, nginx configuration is as follows: Java code proxy_set_headerHost $ host; proxy_set_headerX-Real-IP $ remote _... nginx performs load CDN acceleration to obtain the real ip address. when nginx does load to obtain the real ip address without using cdn, nginx configuration is as follows: Java code proxy_set_header Host $ host; proxy_set_header X-Real-IP $ remote_addr; proxy_set_header X-Forwarded-For $ proxy_add_x_forwarded_for; then the backend server obtains the ip Code: Java code String address = request. getHeader ("X-Forwarded-For"); I F (address! = Null & address. length ()> 0 &&! "Unknown". your signorecase (address) {return address; www.2cto.com} address = request. getHeader ("Proxy-Client-IP"); if (address! = Null & address. length ()> 0 &&! "Unknown". inclusignorecase (address) {return address;} address = request. getHeader ("WL-Proxy-Client-IP"); if (address! = Null & address. length ()> 0 &&! "Unknown". inclusignorecase (address) {return address;} return request. getRemoteAddr (); in this way, the server can obtain the real IP address and test it:
If cdn is not added, the obtained IP address is 123.116.126.51 (the real IP address of my current client). Then, after cdn is added, the IP address is 123.116.126.51, 202.108.251.166 (the ip address hosts points to the cdn) that is, the real IP address of the client, the proxy IP address, google, X-Forwarded-For: The XFF header, which represents the client, that is, the real IP address of the HTTP request end, this option is added only when the HTTP proxy or server load balancer is passed.
The standard format is as follows: X-Forwarded-For: client1, proxy1, and proxy2. from the standard format, we can see that there can be multiple X-Forwarded-For headers separated by commas, the first item is the real client ip address, and the rest is the ip address of the proxy or server load balancer that has been used before. several ip addresses will appear after several. When Nginx is set to X-Forwarded-For equal to $ proxy_add_x_forwarded_for, there will be two situations: www.2cto.com 1. if the request from CDN is not set to X-Forwarded-For (normally this will not happen) ), when Nginx is set to $ proxy_add_x_forwarded_for, The X-Forwarded-For information should be the cdn ip address, because the client is CDN as opposed to Nginx load balancing, in this way, the backend web programs cannot obtain the IP addresses of real users. 2. X-Forwarded-For is set For CDN. Here we set it again and the value is $ proxy_add_x_forwarded_for. then, the content of X-Forwarded-For is changed to "client IP address, CDN ip address "if this is the case, then the backend program uses X-Forwarded-For to obtain the client IP address, then use the first item separated by commas. This is a headache. if you only want to obtain the real ip address of the client, you can only modify the backend code. if there are multiple ip addresses, take the first one. This is not what I want, so how can I achieve real IP without modifying it? Nginx also contains the $ http_x_forwarded_for variable, which stores the X-Forwarded-For information in the request. If the backend program that obtains the X-Forwarded-For information has poor compatibility (not considering that X-Forwarded-For contains multiple IP addresses ), it is best not to set X-Forwarded-For to $ proxy_add_x_forwarded_for. It should be set to $ http_x_forwarded_for or simply not! The above section means that we do not add $ proxy_add_x_forwarded_for, but in this case, the real IP address will not be obtained without cdn. Is there a way to keep the best of both worlds? After several configurations, we found that the following configuration was performed: Java code www.2cto.com proxy_set_header X-Forwarded-For $ http_x_forwarded_for; proxy_set_header X-Forwarded-For $ scheme; the first time the configuration gets $ scheme, if not, obtain $ proxy_add_x_forwarded_for. In this way, you can obtain a client IP no matter whether the client is in the cdn environment or not. (Note: multi-layer agent not tested) lavafree
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.