nginx acquired after obtaining the source IP forwarding N layer Nginx real source IP access

1. nginx profile acquired source IP configuration items
proxy_set_header the Host Host $;
proxy_set_header X-Real-IP $ REMOTE_ADDR; # web server using the general X-Real-IP acquires the source IP
proxy_set_header for X-Forwarded-$ proxy_add_x_forwarded_for ; # if the server is nginx as a reverse proxy server, this configuration item is a must; otherwise you do not see the source IP

2. nginx proxy server module
nginx reverse proxy to achieve by ngx_http_proxy_module module; when nginx start the service load conf,
 reads the configuration item proxy_set_header of; to get the required variables. proxy_set_header is used to set the header request;
 example: Set above host X-Real-IP x-  forwarded-for

 

Meaning 3.3 CI
host: domain name as long as the user to access the browser bundled with VIP VIP below RS; it will use $ host; host is accessing the URL domain name and port www.taobao.com:80
X-real-IP: the source IP [$ remote_addr, establishing the HTTP connection header inside] assigned to the X-Real-IP; such code $ X-Real-IP
 acquires the source IP
X-Forwarded-for: in nginx as proxy servers, IP list of the settings, the machine will after ip, ip proxy machine are recorded, with [,] apart; the code by the echo $ x-forwarded-for | awk -F, '{print } $ 1 'as the source IP

4. Reference article
http://zhidao.baidu.com/link?url=Yo2Ll5pSBADoGrAoTEBpU8pRrCk5rR57FTGTSSwUzkioDPRJ52zAKLpME1tcgjxv4-WEIwg5brp3g_VophAHk_

http://www.cnblogs.com/discuss/articles/1862259.html

http://www.douban.com/note/215633780/

---------------------
Author: caoshuming_500
Source: CSDN
Original: https: //blog.csdn.net/caoshuming_500/article/details/20952329 

linux get through the N layer Nginx forwarding real source IP access

Usually the system for security reasons, the need for permission (username, password) and IP whitelist control. How to get access to the source of the real IP, set the load if the company web portal, its own operating system settings such as nginx proxy, you will achieve the goal is not so straightforward.

Normally we use request.getRemoteAddr () you can get to the client ip, but when we use nginx as a reverse proxy, as between the client and the web server adds intermediate layer, the web server can not directly get to the client ip, get through $ remote_addr variable will be the reverse proxy server ip address. If we want to get at the web end user's real ip, it is necessary to make an assignment in nginx here, as follows:
proxy_set_header X-real-ip $ REMOTE_ADDR;
wherein the X-real-ip is a custom variable name, so true ip is placed on the user's X-real-ip this variable, and then, so you can get in a web end: request.getAttribute ( "X-real- ip"). But if the middle after N times over the proxy request, X-real-ip can only get to the previous layer proxy IP (10.6.61.14), here is my solution:

 

 

IP is the red part of the X-Forwarded-For (referred XFF head) acquisition: it represents the client-side HTTP request that is true IP, will be added only through the HTTP proxy server or load balancer (without obtaining empty) standard format as follows:
X-Forwarded-the For-: client1, Proxy1, Proxy2
can be seen from the standard format, X-Forwarded-For header may have multiple, separated by a comma, the first for the real client ip, the rest is used to go through a proxy or load balancer ip address, there will be a few after a few.
My Nginx specific configuration is as follows:

 

About Definition:
proxy_set_header X-Forwarded-For $ proxy_add_x_forwarded_for;
mean increase (not covered) a $ proxy_add_x_forwarded_for to the X-Forwarded-For to go.
For example, a web application, before forwarding it through the two nginx. In the first nginx using
proxy_set_header X-Forwarded-For $ proxy_add_x_forwarded_for ;
now $ proxy_add_x_forwarded_for variable "X-Forwarded-For" part is empty, so only $ REMOTE_ADDR, the value of the variable of $ remote_addr IP user, so after the assignment, the value of X-Forwarded-For real variable is the user's ip address of.
To a second nginx, using
proxy_set_header X-Forwarded-For $ proxy_add_x_forwarded_for ;
now $ proxy_add_x_forwarded_for variable, X-Forwarded-For part contains the real ip user, the value of $ REMOTE_ADDR portion is on a nginx ip address, so by this assignment after the value of the X-Forwarded-For now it becomes a "real users ip, ip first of nginx."

So I used in the program request.getHeader ( "x-forwarded-for "). ToString (). Split ( ",") [0] will be able to get access to the customer's real IP, do not worry about it in front of several layers forward .
---------------------
Author: zhenzhendeblog
Source: CSDN
Original: https: //blog.csdn.net/zhenzhendeblog/article/details/49702575