服務器 獲取用戶 真實ip
在有代理的情況下,因為要代替客戶端去訪問服務器,所以,當請求包經過反向代理後,在代理服務器這裏這個IP數據包的IP包頭做了修改,最終後端WEB服務器得到的數據包的頭部源IP地址是代理服務器的IP地址。這樣一來,後端服務器的程序就無法獲取用戶的真實ip。
nginx有代理的情況:
在nginx中配置中加入
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-Port $remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Apache有代理的情況:
vi /usr/local/apache/conf/httpd.conf
Include conf/extra/httpd-remoteip.conf
vi /usr/local/apache/conf/extra/httpd-remoteip.conf
LoadModule remoteip_module modules/mod_remoteip.so
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 127.0.0.1
代碼 示例
string GetClientIp(CgiInput* poInput)
{
string client_ip = "";
string strClientIPList;
GetHttpHeader("X-Forwarded-For", strClientIPList);
if (strClientIPList.empty())
{
GetHttpHeader("X-Real-IP", strClientIPList);
}
if (!strClientIPList.empty())
{
size_t iPos = strClientIPList.find( "," );
if( iPos != std::string::npos )
{
client_ip = strClientIPList.substr( iPos );
}
else
{
client_ip = strClientIPList;
}
}
if (client_ip.empty())
{
GetHttpHeader("PROXY_FORWARDED_FOR", strClientIPList);
// 做下兼容
if(strClientIPList.empty())
{
client_ip = getRemoteAddr();
}
else
{
size_t iPos = strClientIPList.find( "," );
if( iPos != std::string::npos )
{
client_ip = strClientIPList.substr( iPos );
}
else
{
client_ip = strClientIPList;
}
}
}
if(!MMPayCommFunc::IsIp(client_ip))
client_ip = getRemoteAddr();
return client_ip;
}
服務器 獲取用戶 真實ip