Apapche獲取真實IP地址方法
測試環境
IP相關資訊
VPC環境
ECS內網IP:10.0.xx.177
ECS公網IP:121.196.xx.22
SLB的IP:118.178.xx.145 http監聽 80埠
WAF測試域名:test.pierxx.cn
WAF測試域名對應Cname:rxqetx2tcwmn7oqjmykc0xxxx.aliyunwaf.com (101.37.xx.177)
高防測試域名對應Cname: 89xxxxxbag6.gfnormal07ai.com (116.211.xxx.155)
版本資訊
[root@iZbp106q0xxxxx1hrrgbedZ ~]# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built: Oct 19 2017 20:39:16
[root@iZbp106q0xxx1hrrgbedZ ~]# uname -a
Linux iZbp106q0xxxhrrgbedZ 3.10.0-693.2.2.el7.x86_64 #1 SMP Tue Sep 12 22:26:13 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
[root@iZbp106qxxxxgbedZ ~]# lsb_release -a
LSB Version: :core-4.1-amd64:core-4.1-noarch
Distributor ID: CentOS
Description: CentOS Linux release 7.4.1708 (Core)
Release: 7.4.1708
Codename: Core
[root@iZbp106xxxxrrgbedZ ~]#安裝的配置目錄結構
[root@iZbp106q07wxxxxdZ httpd]# pwd
/etc/httpd
[root@iZbp106q07xxxxgbedZ httpd]# tree
.
├── conf
│ ├── httpd.conf
│ └── magic
├── conf.d
│ ├── autoindex.conf
│ ├── README
│ ├── userdir.conf
│ └── welcome.conf
├── conf.modules.d
│ ├── 00-base.conf
│ ├── 00-dav.conf
│ ├── 00-lua.conf
│ ├── 00-mpm.conf
│ ├── 00-proxy.conf
│ ├── 00-systemd.conf
│ └── 01-cgi.conf
├── logs -> ../../var/log/httpd
├── modules -> ../../usr/lib64/httpd/modules
└── run -> /run/httpd
6 directories, 13 files配置vhost
[root@iZbp106q0xxxxxbedZ conf.d]# cat httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.localhost
DocumentRoot "/webroot"
ServerName test.pixxx.cn
#ServerAlias localhost
ErrorLog "logs/fexxan.localhost-error.log"
CustomLog "logs/fxxan-access.log" common
<Directory /webroot>
Options -Indexes +FollowSymlinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
[root@iZbp106q07wqxxxxxedZ conf.d]# service httpd restart
Redirecting to /bin/systemctl restart httpd.service
[root@iZbp106q07xxxxrrgbedZ conf.d]#mod_remoteip方法
1、驗證模組
[root@iZbp106q07wxxxxZ httpd]# cat conf.modules.d/* | grep mod_remoteip
LoadModule remoteip_module modules/mod_remoteip.so
[root@iZbp106q07wxxxxdZ httpd]# cat conf/* | grep conf.modules
Include conf.modules.d/*.conf
[root@iZbp106q07xxxxrgbedZ httpd]#apachectl -M | grep remoteip_module
remoteip_module (shared)如上內容,模組mod_remoteip已經安裝 已經載入了,關於該模組的介紹請點這裡。
2、修改配置
在主配置檔案中加入:%{X-Forwarded-For}i
路徑:/etc/httpd/conf/httpd.conf
配置修改前
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
LogFormat "%h %l %u %t "%r" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" %I %O" combinedio
</IfModule>配置修改後
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %{X-Forwarded-For}i %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
LogFormat "%h %{X-Forwarded-For}i %l %u %t "%r" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %a %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" %I %O" combinedio
</IfModule>3、生效確認
配置前
100.116.xx.179 - - [07/Jan/2018:13:10:31 +0800] "GET / HTTP/1.0" 304 -
100.116.xx.177 - - [07/Jan/2018:13:10:33 +0800] "GET / HTTP/1.0" 304 -
100.116.xx.189 - - [07/Jan/2018:13:10:33 +0800] "GET / HTTP/1.0" 304 -
3.1、 一層轉發
鏈路: Client->SLB->ECS
120.24.xx.201 100.116.x.150 - - [07/Jan/2018:13:36:10 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201 100.116.x.202 - - [07/Jan/2018:13:36:11 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201 100.116.x.136 - - [07/Jan/2018:13:36:12 +0800] "GET / HTTP/1.1" 200 33.2、二層轉發
鏈路: Client->WAF->SLB->ECS
120.24.x.201, 120.27.x.39 100.116.x.204 - - [07/Jan/2018:13:44:56 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201, 118.178.x.115 100.116.x.128 - - [07/Jan/2018:13:44:56 +0800] "GET / HTTP/1.1" 200 3
120.24.xx.201, 120.27.xx.52 100.116.xx.201 - - [07/Jan/2018:13:44:56 +0800] "GET / HTTP/1.1" 200 33.3、 三層轉發
鏈路: Client->高防->WAF->SLB->ECS
120.24.x.201, 116.211.x.12, 120.27.x.33 100.116.x.233 - - [07/Jan/2018:14:24:53 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201, 116.211.x.9, 120.27.x.50 100.116.x.217 - - [07/Jan/2018:14:24:53 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201, 116.211.x.9, 120.27.x.39 100.116.x.213 - - [07/Jan/2018:14:24:53 +0800] "GET / HTTP/1.0" 200 3mod_rpaf方法
1、 驗證模組
[root@iZbp106qxedZ httpd]# cat conf.modules.d/* | grep mod_rpaf
[root@iZbp106q0xbedZ httpd]# apachectl -M | grep mod_rpaf
[root@iZbp106xu1hrrgbedZ httpd]#mod_rpaf沒有安裝好,需要單獨安裝
安裝過程不在此處描述
安裝完成後的檢查
[root@iZbp106q0xZ httpd]# cat conf.modules.d/* | grep mod_rpaf
LoadModule rpaf_module modules/mod_rpaf.so
[root@iZbp1xbedZ httpd]# apachectl -M | grep rpaf
rpaf_module (shared)2、 mod_rpaf 配置
檔案路徑:/etc/httpd/conf.modules.d/01-rpaf.conf
01-rpaf.conf該檔案為新建立的。
[root@iZbp106q0x conf.modules.d]# cat 01-rpaf.conf
LoadModule rpaf_module modules/mod_rpaf.so
RPAF_Enable On
RPAF_ProxyIPs 0.0.0.0
RPAF_SetHostName On
RPAF_SetHTTPS On
RPAF_SetPort On
RPAF_ForbidIfNotProxy Off3、 修改配置
在主配置檔案中加入:%{X-Forwarded-For}i
路徑:/etc/httpd/conf/httpd.conf
配置修改前
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
LogFormat "%h %l %u %t "%r" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" %I %O" combinedio
</IfModule>配置修改後
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%{X-Forwarded-For}i %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
LogFormat "%{X-Forwarded-For}i %h %l %u %t "%r" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" %I %O" combinedio
</IfModule>
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
#CustomLog "logs/access_log" common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
CustomLog "logs/access_log" combined
</IfModule>4、 生效確認
配置前
100.116.x.171 - - [07/Jan/2018:15:46:25 +0800] "GET / HTTP/1.0" 200 3
100.116.x.135 - - [07/Jan/2018:15:46:25 +0800] "GET / HTTP/1.1" 200 3
100.116.x.225 - - [07/Jan/2018:15:46:25 +0800] "GET / HTTP/1.0" 200 34.1、 一層轉發
鏈路: Client->SLB->ECS
120.24.x.201 100.116.x.165 - - [07/Jan/2018:15:44:52 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201 100.116.x.138 - - [07/Jan/2018:15:44:52 +0800] "GET / HTTP/1.1" 200 3
120.24.x.201 100.116.x.227 - - [07/Jan/2018:15:44:52 +0800] "GET / HTTP/1.0" 200 34.2、 二層轉發
鏈路: Client->WAF->SLB->ECS
120.24.x.201, 118.178.x.117 100.116.x.167 - - [07/Jan/2018:15:47:23 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201, 118.178.x.115 100.116.x.155 - - [07/Jan/2018:15:47:23 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201, 120.27.x.39 100.116.x.142 - - [07/Jan/2018:15:47:23 +0800] "GET / HTTP/1.1" 200 34.3、 三層轉發
鏈路: Client->高防->WAF->SLB->ECS
120.24.x.201, 116.211.x.14, 120.27.x.33 100.116.x.221 - - [07/Jan/2018:15:48:05 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201, 116.211.x.3, 118.178.x.115 100.116.x.170 - - [07/Jan/2018:15:48:05 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201, 116.211.x.18, 120.27.x.52 100.116.x.164 - - [07/Jan/2018:15:48:06 +0800] "GET / HTTP/1.0" 200 3附錄
相關文章
- 獲取真實IP地址
- 獲取IP地址方法
- 【Go】獲取使用者真實的ip地址Go
- 【Go】獲取使用者真實的 ip 地址Go
- nginx後端獲取真實ipNginx後端
- 獲取客戶端真實IP客戶端
- 獲取訪問者真實ip地址?我覺得不可能
- reactnative獲取裝置真實ip地址和ip對映的地理位置React
- saltstack獲取IP地址
- 獲取IP地址命令
- PHP獲取IP地址的方法,防止偽造IP地址注入攻擊PHP
- .net 獲取客戶端真實ip客戶端
- java 獲取客戶端真實ipJava客戶端
- 獲取使用者的真實ip
- Nginx環境使用CDN加速後網站日誌獲取真實使用者IP地址方法Nginx網站
- ASPNET獲取IP地址 MAC地址Mac
- java獲取ip地址和mac地址JavaMac
- 7個獲取訪問者真實IP的方法,速學!!!
- 使用 geoip2/geoip2,如何獲取真實使用者 IP 地址
- 美國ip地址如何獲取?
- laravel symfony request獲取真實ip的坑Laravel
- PHP 獲取使用者真實的ipPHP
- 取IP地址的方法
- js根據ip地址獲取省份城市的方法JS
- Java 中獲取MAC地址 和IP地址JavaMac
- 如何獲取海外住宅IP地址?
- jQuery獲取本機ip地址jQuery
- Java獲取本機ip地址Java
- 伺服器獲取真實客戶端 IP伺服器客戶端
- 實用Linux下獲取公網IP地址Linux
- Java面試題-如何獲取客戶端真實IPJava面試題客戶端
- 華納雲:怎麼獲取伺服器真實ip伺服器
- 如何獲取終端使用者的真實ip
- java獲取本機的ip地址Java
- 獲取本地的IP地址(內網)內網
- DHCP獲取IP地址的過程
- Oracle獲取連線的IP地址Oracle
- Linux Shell指令碼中獲取本機ip地址方法Linux指令碼