Apapche獲取真實IP地址方法

楓凡發表於2018-01-07

測試環境

IP相關資訊

VPC環境
ECS內網IP：10.0.xx.177
ECS公網IP：121.196.xx.22
SLB的IP：118.178.xx.145 http監聽 80埠
WAF測試域名：test.pierxx.cn
WAF測試域名對應Cname：rxqetx2tcwmn7oqjmykc0xxxx.aliyunwaf.com (101.37.xx.177)
高防測試域名對應Cname: 89xxxxxbag6.gfnormal07ai.com (116.211.xxx.155)

版本資訊

[root@iZbp106q0xxxxx1hrrgbedZ ~]# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built:   Oct 19 2017 20:39:16
[root@iZbp106q0xxx1hrrgbedZ ~]# uname -a
Linux iZbp106q0xxxhrrgbedZ 3.10.0-693.2.2.el7.x86_64 #1 SMP Tue Sep 12 22:26:13 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
[root@iZbp106qxxxxgbedZ ~]# lsb_release -a
LSB Version:    :core-4.1-amd64:core-4.1-noarch
Distributor ID:    CentOS
Description:    CentOS Linux release 7.4.1708 (Core)
Release:    7.4.1708
Codename:    Core
[root@iZbp106xxxxrrgbedZ ~]#

安裝的配置目錄結構

[root@iZbp106q07wxxxxdZ httpd]# pwd
/etc/httpd
[root@iZbp106q07xxxxgbedZ httpd]# tree
.
├── conf
│   ├── httpd.conf
│   └── magic
├── conf.d
│   ├── autoindex.conf
│   ├── README
│   ├── userdir.conf
│   └── welcome.conf
├── conf.modules.d
│   ├── 00-base.conf
│   ├── 00-dav.conf
│   ├── 00-lua.conf
│   ├── 00-mpm.conf
│   ├── 00-proxy.conf
│   ├── 00-systemd.conf
│   └── 01-cgi.conf
├── logs -> ../../var/log/httpd
├── modules -> ../../usr/lib64/httpd/modules
└── run -> /run/httpd

6 directories, 13 files

配置vhost

[root@iZbp106q0xxxxxbedZ conf.d]# cat httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.localhost
DocumentRoot "/webroot"
ServerName test.pixxx.cn
#ServerAlias localhost
ErrorLog "logs/fexxan.localhost-error.log"
CustomLog "logs/fxxan-access.log" common
<Directory /webroot>
  Options -Indexes +FollowSymlinks
  AllowOverride All
  Require all granted
</Directory>
</VirtualHost>
[root@iZbp106q07wqxxxxxedZ conf.d]# service httpd  restart
Redirecting to /bin/systemctl restart httpd.service
[root@iZbp106q07xxxxrrgbedZ conf.d]#

mod_remoteip方法

1、驗證模組

[root@iZbp106q07wxxxxZ httpd]# cat conf.modules.d/* | grep mod_remoteip
LoadModule remoteip_module modules/mod_remoteip.so
[root@iZbp106q07wxxxxdZ httpd]# cat conf/* | grep conf.modules
Include conf.modules.d/*.conf
[root@iZbp106q07xxxxrgbedZ httpd]#apachectl -M  | grep remoteip_module
 remoteip_module (shared)

如上內容，模組mod_remoteip已經安裝已經載入了，關於該模組的介紹請點這裡。

2、修改配置
在主配置檔案中加入：%{X-Forwarded-For}i
路徑：/etc/httpd/conf/httpd.conf
配置修改前

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h  %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
    LogFormat "%h  %l %u %t "%r" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h  %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" %I %O" combinedio
    </IfModule>

配置修改後

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %{X-Forwarded-For}i %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
    LogFormat "%h %{X-Forwarded-For}i %l %u %t "%r" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %a %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" %I %O" combinedio
    </IfModule>

3、生效確認
配置前

100.116.xx.179 - - [07/Jan/2018:13:10:31 +0800] "GET / HTTP/1.0" 304 -
100.116.xx.177 - - [07/Jan/2018:13:10:33 +0800] "GET / HTTP/1.0" 304 -
100.116.xx.189 - - [07/Jan/2018:13:10:33 +0800] "GET / HTTP/1.0" 304 -

3.1、一層轉發
鏈路： Client->SLB->ECS

120.24.xx.201 100.116.x.150  - - [07/Jan/2018:13:36:10 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201 100.116.x.202  - - [07/Jan/2018:13:36:11 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201 100.116.x.136  - - [07/Jan/2018:13:36:12 +0800] "GET / HTTP/1.1" 200 3

3.2、二層轉發
鏈路： Client->WAF->SLB->ECS

120.24.x.201, 120.27.x.39 100.116.x.204  - - [07/Jan/2018:13:44:56 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201, 118.178.x.115 100.116.x.128  - - [07/Jan/2018:13:44:56 +0800] "GET / HTTP/1.1" 200 3
120.24.xx.201, 120.27.xx.52 100.116.xx.201  - - [07/Jan/2018:13:44:56 +0800] "GET / HTTP/1.1" 200 3

3.3、三層轉發
鏈路： Client->高防->WAF->SLB->ECS

120.24.x.201, 116.211.x.12, 120.27.x.33 100.116.x.233  - - [07/Jan/2018:14:24:53 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201, 116.211.x.9, 120.27.x.50 100.116.x.217  - - [07/Jan/2018:14:24:53 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201, 116.211.x.9, 120.27.x.39 100.116.x.213  - - [07/Jan/2018:14:24:53 +0800] "GET / HTTP/1.0" 200 3

mod_rpaf方法

1、驗證模組

[root@iZbp106qxedZ httpd]# cat conf.modules.d/* | grep mod_rpaf
[root@iZbp106q0xbedZ httpd]# apachectl -M | grep mod_rpaf
[root@iZbp106xu1hrrgbedZ httpd]#

mod_rpaf沒有安裝好，需要單獨安裝
安裝過程不在此處描述
安裝完成後的檢查

[root@iZbp106q0xZ httpd]# cat conf.modules.d/* | grep mod_rpaf
LoadModule              rpaf_module modules/mod_rpaf.so
[root@iZbp1xbedZ httpd]# apachectl -M | grep rpaf
 rpaf_module (shared)

2、 mod_rpaf 配置
檔案路徑：/etc/httpd/conf.modules.d/01-rpaf.conf
01-rpaf.conf該檔案為新建立的。

[root@iZbp106q0x conf.modules.d]# cat  01-rpaf.conf
LoadModule              rpaf_module modules/mod_rpaf.so
RPAF_Enable             On
RPAF_ProxyIPs           0.0.0.0
RPAF_SetHostName        On
RPAF_SetHTTPS           On
RPAF_SetPort            On
RPAF_ForbidIfNotProxy   Off

3、修改配置
在主配置檔案中加入：%{X-Forwarded-For}i
路徑：/etc/httpd/conf/httpd.conf
配置修改前

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h  %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
    LogFormat "%h  %l %u %t "%r" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h  %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" %I %O" combinedio
    </IfModule>

配置修改後

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%{X-Forwarded-For}i %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
    LogFormat "%{X-Forwarded-For}i %h %l %u %t "%r" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" %I %O" combinedio
    </IfModule>

    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    #CustomLog "logs/access_log" common

    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    CustomLog "logs/access_log" combined
</IfModule>

4、生效確認
配置前

100.116.x.171 - - [07/Jan/2018:15:46:25 +0800] "GET / HTTP/1.0" 200 3
100.116.x.135 - - [07/Jan/2018:15:46:25 +0800] "GET / HTTP/1.1" 200 3
100.116.x.225 - - [07/Jan/2018:15:46:25 +0800] "GET / HTTP/1.0" 200 3

4.1、一層轉發
鏈路： Client->SLB->ECS

120.24.x.201 100.116.x.165 - - [07/Jan/2018:15:44:52 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201 100.116.x.138 - - [07/Jan/2018:15:44:52 +0800] "GET / HTTP/1.1" 200 3
120.24.x.201 100.116.x.227 - - [07/Jan/2018:15:44:52 +0800] "GET / HTTP/1.0" 200 3

4.2、二層轉發
鏈路： Client->WAF->SLB->ECS

120.24.x.201, 118.178.x.117 100.116.x.167 - - [07/Jan/2018:15:47:23 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201, 118.178.x.115 100.116.x.155 - - [07/Jan/2018:15:47:23 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201, 120.27.x.39 100.116.x.142 - - [07/Jan/2018:15:47:23 +0800] "GET / HTTP/1.1" 200 3

4.3、三層轉發
鏈路： Client->高防->WAF->SLB->ECS

120.24.x.201, 116.211.x.14, 120.27.x.33 100.116.x.221 - - [07/Jan/2018:15:48:05 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201, 116.211.x.3, 118.178.x.115 100.116.x.170 - - [07/Jan/2018:15:48:05 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201, 116.211.x.18, 120.27.x.52 100.116.x.164 - - [07/Jan/2018:15:48:06 +0800] "GET / HTTP/1.0" 200 3

附錄

Nginx獲取真實IP

獲取真實IP地址
2014-02-11
獲取IP地址方法
2017-10-10
【Go】獲取使用者真實的ip地址
2019-03-28
Go
【Go】獲取使用者真實的 ip 地址
2019-03-28
Go
nginx後端獲取真實ip
2017-11-17
Nginx後端
獲取客戶端真實ip
2014-10-09
客戶端
獲取訪問者真實ip地址？我覺得不可能
2021-08-26
reactnative獲取裝置真實ip地址和ip對映的地理位置
2018-08-27
React
saltstack獲取IP地址
2019-01-03
獲取IP地址命令
2007-09-19
PHP獲取IP地址的方法,防止偽造IP地址注入攻擊
2018-09-20
PHP
.net 獲取客戶端真實ip
2023-12-05
客戶端
java 獲取客戶端真實ip
2017-10-20
Java客戶端
獲取使用者的真實ip
2015-06-17
Nginx環境使用CDN加速後網站日誌獲取真實使用者IP地址方法
2017-02-10
Nginx網站
ASPNET獲取IP地址 MAC地址
2008-06-23
Mac
java獲取ip地址和mac地址
2011-12-29
JavaMac
使用 geoip2/geoip2，如何獲取真實使用者 IP 地址
2020-04-17
7個獲取訪問者真實IP的方法，速學！！！
2020-07-25
美國ip地址如何獲取？
2021-09-11
laravel symfony request獲取真實ip的坑
2021-09-23
Laravel
PHP 獲取使用者真實的ip
2018-12-25
PHP
取IP地址的方法
2007-04-14
js根據ip地址獲取省份城市的方法
2018-09-10
JS
Java 中獲取MAC地址和IP地址
2011-03-28
JavaMac
如何獲取海外住宅IP地址？
2021-11-17
jQuery獲取本機ip地址
2018-06-27
jQuery
Java獲取本機ip地址
2016-05-18
Java
伺服器獲取真實客戶端 IP
2018-12-08
伺服器客戶端
實用Linux下獲取公網IP地址
2017-07-19
Linux
Java面試題-如何獲取客戶端真實IP
2019-11-06
Java面試題客戶端
華納雲：怎麼獲取伺服器真實ip
2023-03-07
伺服器
如何獲取終端使用者的真實ip
2012-02-13
java獲取本機的ip地址
2020-04-06
Java
獲取本地的IP地址（內網）
2014-08-19
內網
DHCP獲取IP地址的過程
2012-02-28
Oracle獲取連線的IP地址
2015-10-27
Oracle
Linux Shell指令碼中獲取本機ip地址方法
2015-12-24
Linux指令碼