Nginx reverse proxy Get IP address

Nginx reverse proxy, the IP obtained in the application is the IP of the reverse proxy server, the domain name is also the reverse proxy configuration URL of the domain name, to solve the problem, you need to add some configuration information in Nginx reverse proxy configuration, the purpose of the client's real IP and domain name passed to the application.

When the Nginx reverse proxy is configured, the following configuration is typically added:

Proxy_set_header Host $host;
Proxy_set_header X-real-ip $remote _addr;
Proxy_set_header remote-host $remote _addr;
Proxy_set_header x-forwarded-for $proxy _add_x_forwarded_for;

The first line about the host configuration, is about the domain name delivery configuration, the rest of the IP-related.

First look at the processing of C # code:

#regionGets the IP address of the client when the reverse proxy getclientip/// <summary>///gets the IP address of the client when the reverse proxy/// </summary> /// <returns>return client Real IP</returns>Private stringGetclientip () {httprequestbase request=httpcontext.request; stringIP = Request. Headers.get ("x-forwarded-for"); if(IP = =NULL|| Ip. Length = =0||string. Equals ("Unknown", IP, stringcomparison.ordinalignorecase)) {IP= Request. Headers.get ("Proxy-client-ip"); }    if(IP = =NULL|| Ip. Length = =0||string. Equals ("Unknown", IP, stringcomparison.ordinalignorecase)) {IP= Request. Headers.get ("Wl-proxy-client-ip"); }     if(IP = =NULL|| Ip. Length = =0||string. Equals ("Unknown", IP, stringcomparison.ordinalignorecase)) {IP=request.     userhostaddress; }       returnIP; } 

However, it should be noted that through Nginx reverse proxy, if the access IP through a few layers of proxy, the possible IP address is this format: ClientIP, Proxy1, Proxy2. You may need to insert a database to prevent malicious database injection. So the format of the above IP address should be intercepted.

        #regionGets the IP address of the client when the reverse proxy getclientip/// <summary>        ///gets the IP address of the client when the reverse proxy/// </summary>        /// <returns>return client Real IP</returns>        Private stringGetclientip () {httprequestbase request=httpcontext.request; stringIP = Request. Headers.get ("x-forwarded-for"); if(IP = =NULL|| Ip. Length = =0||string. Equals ("Unknown", IP, stringcomparison.ordinalignorecase)) {IP= Request. Headers.get ("Proxy-client-ip"); }            if(IP = =NULL|| Ip. Length = =0||string. Equals ("Unknown", IP, stringcomparison.ordinalignorecase)) {IP= Request. Headers.get ("Wl-proxy-client-ip"); }            if(IP = =NULL|| Ip. Length = =0||string. Equals ("Unknown", IP, stringcomparison.ordinalignorecase)) {IP=request.            userhostaddress; }            //The following formats may be present: X-forwarded-for:client, Proxy1, Proxy2            inti =0; if(IP. Contains (", "))            {                //If there are multiple reverse proxies, the obtained IP is a comma-delimited collection of IP, taking the first//x-forwarded-for:client the first one                string[] Ipaddrs = IP. Split (New string[1] {", "},stringsplitoptions.removeemptyentries);  for(i=0; I<ipaddrs. length;i++)                {                    if(ipaddrs[i]!="")                    {                        if(false==Isinnerip (Ipaddrs[i])//Determine whether the intranet IP {IPAddress realip; if(Ipaddress.tryparse (Ipaddrs[i), outRealip) && Ipaddrs[i]. Split ('.'). Length = =4)                            {//Legal IP                                returnIpaddrs[i]; }                            Else                            {//Illegal IP//IP address does not conform to specification} }}} IP= ipaddrs[0];//default takes the first IP address            }                        returnIP; }         #endregion

It was found that although the first clientip of the above IP address was intercepted, it was found that the IP address was sometimes read as an intranet IP. So add the IP of the intranet to judge.

        #regionDetermine if the IP address is a LAN intranet address/// <summary>        ///determine if the IP address is an intranet IP address/// </summary>        /// <param name= "ipAddress" >IP Address string</param>        /// <returns></returns>        Private  BOOLIsinnerip (String ipAddress) {BOOLIsinnerip =false; ULONGIpnum =Ip2ulong (ipAddress); /** Private Ip:a class 10.0.0.0-10.255.255.255 B class 172.16.0.0-172.31.255.255 Class C 192.168.0.0-192.168.255.255 Of course, there are 127 of this network segment is the loopback address **/            ULONGAbegin = Ip2ulong ("10.0.0.0"); ULONGAend = Ip2ulong ("10.255.255.255"); ULONGBbegin = Ip2ulong ("172.16.0.0"); ULONGBEnd = Ip2ulong ("172.31.255.255"); ULONGCbegin = Ip2ulong ("192.168.0.0"); ULONGCend = Ip2ulong ("192.168.255.255"); Isinnerip= Isinner (Ipnum, Abegin, aend) | | Isinner (Ipnum, Bbegin, bEnd) | | Isinner (Ipnum, Cbegin, cend) | | Ipaddress.equals ("127.0.0.1"); returnIsinnerip; }        /// <summary>        ///convert IP address to long number/// </summary>        /// <param name= "ipAddress" >IP Address string</param>        /// <returns></returns>        Private ULONGIp2ulong (stringipAddress) {            byte[] bytes =Ipaddress.parse (IPAddress).            Getaddressbytes (); ULONGRET =0; foreach(byteBinchbytes) {ret<<=8; RET|=b; }            returnret; }        /// <summary>        ///determine if the IP address of the user is converted to long after the IP address of the intranet is in range/// </summary>        /// <param name= "Userip" ></param>        /// <param name= "Begin" ></param>        /// <param name= "End" ></param>        /// <returns></returns>        Private BOOLIsinner (ULONGUserip,ULONGBeginULONGend) {            return(Userip >= Begin) && (Userip <=end); }        #endregion

Later found that Nginx reverse proxy, the resulting IP address format is unknown, 86.15.56.29. Then continue to do the processing.

 if(IP. Contains (", ")) {    //If there are multiple reverse proxies, the obtained IP is a comma-delimited collection of IP, taking the first//x-forwarded-for:client the first one     string[] Ipaddrs = IP. Split (New string[1] {", "}, Stringsplitoptions.removeemptyentries); IP= ipaddrs[0];//First IP address is taken by default    foreach(stringIPAddrinchIpaddrs) {     if(IPAddr! =""&& ipaddr. Split ('.'). Length = =4&&string. Equals ("Unknown", ipaddr,stringcomparison.ordinalignorecase) = =false)     {//Special IP address structure corresponding to some special acquisition unknown, 86.15.56.29          if(false==Isinnerip (IPADDR))              {IPAddress realip; if(Ipaddress.tryparse (IPADDR, outrealip)) {//Legal IPIP =ipaddr;  Break;//just find a non-intranet IP address, then jump out of the loop              }              Else               {//Illegal IPLoghelper.writelog (Loghelper.ip_thread_log +"_"+ MAPP,string. Format ("Illegal IP address: \n{0}", ipaddr)); }          }       }       }       }

The combination of the above to get the IP address, can be found, in fact, can not be completely to the real IP address. Because the IP address can be forged. So you can get it this way. However, it is important to make some special judgments and deal with them so as to prevent them from being inserted into the database and causing abnormal phenomena.

Nginx reverse proxy Get IP address