Solve the problem that Nginx logs cannot obtain the remote access IP address

Source: Internet
Author: User


The company has an application whose backend web servers run Nginx. All requests to Nginx are forwarded by a front-end proxy, so the log format uses the $http_x_forwarded_for variable to obtain the remote IP. This worked well at first, but one day the log analysis script showed that the IP address of many requests was empty, in roughly the following format:

- - - [20/May/2014:02:23:44 -0700] "GET /favi.ico HTTP/1.1" 404 56 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0) Geo/20100101 Firefox/4.0" -_ cust = running route 4a5bb94dd441f61302282103-0.002-

- - - [20/May/2014:06:18:28 -0700] "GET /favi.ico HTTP/1.1" 404 56 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gec/20100101 Firefox/4.0" -_ cust = running route 4a5bb94dd441f61302282103--0.001

- - - [20/May/2014:06:18:28 -0700] "GET /favi.ico HTTP/1.1" 404 56 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gec/20100101 Firefox/4.0" -_ cust = running route 4a5bb94dd441f61302282103--0.001

I hate it. Why is this access IP address empty? After analysis, the problem is in the $http_x_forwarded_for variable: it holds the client IP address as passed along by the proxy server. If a request does not go through the proxy, for example when someone binds the host name directly to this server's IP address and accesses it, $http_x_forwarded_for has no value and the IP address in the log becomes "-". We could use $remote_addr instead to get the IP address of whoever binds the server IP address and accesses the server directly.

However, then the IP address of clients that come through the proxy cannot be obtained. What should we do? The method is as follows:

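# Default to the client address supplied by the front-end proxy.
set $remote_addrx $http_x_forwarded_for;
# Header absent (direct request): fall back to the TCP peer address.
# An empty regex (~ "") matches every value, so compare with = instead.
if ($remote_addrx = "") {
    set $remote_addrx $remote_addr;
}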

Then use the newly defined $remote_addrx variable in log_format to replace $http_x_forwarded_for.

I hope this article will be useful to my friends (* ^__ ^ *)

--------------------------------------------------------------------

Later, I found that in some cases the above method still does not get an IP address, and a search turned up the following information:

I. No proxy server is used:

REMOTE_ADDR = your IP address

HTTP_VIA = no value or not shown

HTTP_X_FORWARDED_FOR = no value or not shown

II. Transparent proxy server: Transparent Proxies

REMOTE_ADDR = IP address of the last proxy server

HTTP_VIA = proxy server IP address

HTTP_X_FORWARDED_FOR = your real IP address. When multiple proxy servers are used, this value is similar to the following: 203.98.182.163, 203.98.182.163, 203.129.72.215.

This type of proxy server still forwards your information to the site you access, so it cannot hide your real identity.

III. Normal anonymous proxy server: Anonymous Proxies

REMOTE_ADDR = IP address of the last proxy server

HTTP_VIA = proxy server IP address

HTTP_X_FORWARDED_FOR = proxy server IP address. When multiple proxy servers are used, this value is similar to the following: 203.98.182.163, 203.98.182.163, 203.129.72.215.

Your real IP address is hidden, but the site you access still learns that you are using a proxy server.

IV. Distorting Proxies

REMOTE_ADDR = proxy server IP address

HTTP_VIA = proxy server IP address

HTTP_X_FORWARDED_FOR = random IP address. When multiple proxy servers are used, the value is as follows: 203.98.182.163, 203.98.182.163, 203.129.72.215.

It tells the site you access that you used a proxy server, but supplies a fabricated random IP address instead of your real one to deceive it.

V. High Anonymity Proxies (Elite proxies)

REMOTE_ADDR = proxy server IP address

HTTP_VIA = no value or not shown

HTTP_X_FORWARDED_FOR = no value or not shown. When multiple proxy servers are used, the value is similar to the following: 203.98.182.163, 203.98.182.163, 203.129.72.215.

The proxy server's information replaces all of yours, just as if you were accessing the site directly from the proxy server.
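Added example, not from the original article: the fallback from the nginx snippet applied on the log-analysis side, with one extra check. X-Forwarded-For is believed only when the connecting peer is one of your own proxies, because the proxy-type list above shows the header can be absent or fabricated. The trusted network 10.0.0.0/8, the function names and the sample pairs are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the front-end proxies live in this network (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def is_trusted(addr):
    """True if addr parses as an IP inside one of the trusted proxy networks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr, xff):
    """Pick the address to log from $remote_addr and the X-Forwarded-For value.

    Returns (ip, source), where source is "remote_addr" or "xff".
    """
    # Direct request, or a peer we do not operate: the header is client-supplied
    # input, so only the TCP peer address is usable.
    if not xff or xff == "-" or not is_trusted(remote_addr):
        return remote_addr, "remote_addr"
    # Each proxy appends the peer it saw, so walk right to left and stop at the
    # first hop that is not one of our proxies.
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: nothing to its left can be trusted either
        if not is_trusted(hop):
            return hop, "xff"
    return remote_addr, "remote_addr"


# Constructed (remote_addr, X-Forwarded-For) pairs as a log parser would see them.
SAMPLES = [
    ("10.0.0.5", "203.98.182.163"),                     # via our proxy
    ("198.51.100.7", "-"),                              # direct, header absent
    ("198.51.100.7", "127.0.0.1"),                      # direct, header supplied by client
    ("10.0.0.5", "1.2.3.4, 203.129.72.215, 10.0.0.9"),  # chain, leftmost unverified
    ("10.0.0.5", "unknown, 10.0.0.9"),                  # malformed entry
]

if __name__ == "__main__":
    for remote_addr, xff in SAMPLES:
        print(remote_addr, repr(xff), "->", client_ip(remote_addr, xff))
```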

--------------------------------------------------------------------

If you run into any of the situations above, you can capture packets on the server to investigate.
