How to obtain the real client IP address in Apache


Test environment

IP information

VPC environment
ECS private IP: 10.0.xx.177
ECS public IP: 121.196.xx.22
SLB IP: 118.178.xx.145, HTTP listener on port 80
WAF test domain: test.pierxx.cn
CNAME of the WAF test domain: rxqetx2tcwmn7oqjmykc0xxxx.aliyunwaf.com (101.37.xx.177)
CNAME of the Anti-DDoS test domain: 89xxxxxbag6.gfnormal07ai.com (116.211.xxx.155)

Version information

[root@iZbp106q0xxxxx1hrrgbedZ ~]# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built:   Oct 19 2017 20:39:16
[root@iZbp106q0xxx1hrrgbedZ ~]# uname -a
Linux iZbp106q0xxxhrrgbedZ 3.10.0-693.2.2.el7.x86_64 #1 SMP Tue Sep 12 22:26:13 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
[root@iZbp106qxxxxgbedZ ~]# lsb_release -a
LSB Version:    :core-4.1-amd64:core-4.1-noarch
Distributor ID:    CentOS
Description:    CentOS Linux release 7.4.1708 (Core)
Release:    7.4.1708
Codename:    Core
[root@iZbp106xxxxrrgbedZ ~]#

Directory layout of the installed configuration

[root@iZbp106q07wxxxxdZ httpd]# pwd
/etc/httpd
[root@iZbp106q07xxxxgbedZ httpd]# tree
.
├── conf
│   ├── httpd.conf
│   └── magic
├── conf.d
│   ├── autoindex.conf
│   ├── README
│   ├── userdir.conf
│   └── welcome.conf
├── conf.modules.d
│   ├── 00-base.conf
│   ├── 00-dav.conf
│   ├── 00-lua.conf
│   ├── 00-mpm.conf
│   ├── 00-proxy.conf
│   ├── 00-systemd.conf
│   └── 01-cgi.conf
├── logs -> ../../var/log/httpd
├── modules -> ../../usr/lib64/httpd/modules
└── run -> /run/httpd

6 directories, 13 files

Configure the vhost

[root@iZbp106q0xxxxxbedZ conf.d]# cat httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.localhost
DocumentRoot "/webroot"
ServerName test.pixxx.cn
#ServerAlias localhost
ErrorLog "logs/fexxan.localhost-error.log"
CustomLog "logs/fxxan-access.log" common
<Directory /webroot>
  Options -Indexes +FollowSymlinks
  AllowOverride All
  Require all granted
</Directory>
</VirtualHost>
[root@iZbp106q07wqxxxxxedZ conf.d]# service httpd  restart
Redirecting to /bin/systemctl restart httpd.service
[root@iZbp106q07xxxxrrgbedZ conf.d]#

mod_remoteip method

1. Verify the module

[root@iZbp106q07wxxxxZ httpd]# cat conf.modules.d/* | grep mod_remoteip
LoadModule remoteip_module modules/mod_remoteip.so
[root@iZbp106q07wxxxxdZ httpd]# cat conf/* | grep conf.modules
Include conf.modules.d/*.conf
[root@iZbp106q07xxxxrgbedZ httpd]#apachectl -M  | grep remoteip_module
 remoteip_module (shared)

As shown above, the mod_remoteip module is installed and loaded.

2. Modify the configuration
Add %{X-Forwarded-For}i to the main configuration file.
Path: /etc/httpd/conf/httpd.conf
Before the change

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h  %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h  %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h  %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

After the change

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

3. Confirm that the change has taken effect
Before the configuration change

100.116.xx.179 - - [07/Jan/2018:13:10:31 +0800] "GET / HTTP/1.0" 304 -
100.116.xx.177 - - [07/Jan/2018:13:10:33 +0800] "GET / HTTP/1.0" 304 -
100.116.xx.189 - - [07/Jan/2018:13:10:33 +0800] "GET / HTTP/1.0" 304 -

3.1 One layer of forwarding
Path: Client->SLB->ECS

120.24.xx.201 100.116.x.150  - - [07/Jan/2018:13:36:10 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201 100.116.x.202  - - [07/Jan/2018:13:36:11 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201 100.116.x.136  - - [07/Jan/2018:13:36:12 +0800] "GET / HTTP/1.1" 200 3

3.2 Two layers of forwarding
Path: Client->WAF->SLB->ECS

120.24.x.201, 120.27.x.39 100.116.x.204  - - [07/Jan/2018:13:44:56 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201, 118.178.x.115 100.116.x.128  - - [07/Jan/2018:13:44:56 +0800] "GET / HTTP/1.1" 200 3
120.24.xx.201, 120.27.xx.52 100.116.xx.201  - - [07/Jan/2018:13:44:56 +0800] "GET / HTTP/1.1" 200 3

3.3 Three layers of forwarding
Path: Client->Anti-DDoS->WAF->SLB->ECS

120.24.x.201, 116.211.x.12, 120.27.x.33 100.116.x.233  - - [07/Jan/2018:14:24:53 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201, 116.211.x.9, 120.27.x.50 100.116.x.217  - - [07/Jan/2018:14:24:53 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201, 116.211.x.9, 120.27.x.39 100.116.x.213  - - [07/Jan/2018:14:24:53 +0800] "GET / HTTP/1.0" 200 3

mod_rpaf method

1. Verify the module

[root@iZbp106qxedZ httpd]# cat conf.modules.d/* | grep mod_rpaf
[root@iZbp106q0xbedZ httpd]# apachectl -M | grep mod_rpaf
[root@iZbp106xu1hrrgbedZ httpd]#

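mod_rpaf is not installed and has to be installed separately.
The installation procedure is not described here.
Check after the installation is complete: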

[root@iZbp106q0xZ httpd]# cat conf.modules.d/* | grep mod_rpaf
LoadModule              rpaf_module modules/mod_rpaf.so
[root@iZbp1xbedZ httpd]# apachectl -M | grep rpaf
 rpaf_module (shared)

2. mod_rpaf configuration
File path: /etc/httpd/conf.modules.d/01-rpaf.conf
The file 01-rpaf.conf is newly created.

[root@iZbp106q0x conf.modules.d]# cat  01-rpaf.conf
LoadModule              rpaf_module modules/mod_rpaf.so
RPAF_Enable             On
RPAF_ProxyIPs           0.0.0.0
RPAF_SetHostName        On
RPAF_SetHTTPS           On
RPAF_SetPort            On
RPAF_ForbidIfNotProxy   Off

3. Modify the configuration
Add %{X-Forwarded-For}i to the main configuration file.
Path: /etc/httpd/conf/httpd.conf
Before the change

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h  %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h  %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h  %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

After the change

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    #CustomLog "logs/access_log" common

    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    CustomLog "logs/access_log" combined
</IfModule>

4. Confirm that the change has taken effect
Before the configuration change

100.116.x.171 - - [07/Jan/2018:15:46:25 +0800] "GET / HTTP/1.0" 200 3
100.116.x.135 - - [07/Jan/2018:15:46:25 +0800] "GET / HTTP/1.1" 200 3
100.116.x.225 - - [07/Jan/2018:15:46:25 +0800] "GET / HTTP/1.0" 200 3

4.1 One layer of forwarding
Path: Client->SLB->ECS

120.24.x.201 100.116.x.165 - - [07/Jan/2018:15:44:52 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201 100.116.x.138 - - [07/Jan/2018:15:44:52 +0800] "GET / HTTP/1.1" 200 3
120.24.x.201 100.116.x.227 - - [07/Jan/2018:15:44:52 +0800] "GET / HTTP/1.0" 200 3

4.2 Two layers of forwarding
Path: Client->WAF->SLB->ECS

120.24.x.201, 118.178.x.117 100.116.x.167 - - [07/Jan/2018:15:47:23 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201, 118.178.x.115 100.116.x.155 - - [07/Jan/2018:15:47:23 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201, 120.27.x.39 100.116.x.142 - - [07/Jan/2018:15:47:23 +0800] "GET / HTTP/1.1" 200 3

4.3 Three layers of forwarding
Path: Client->Anti-DDoS->WAF->SLB->ECS

120.24.x.201, 116.211.x.14, 120.27.x.33 100.116.x.221 - - [07/Jan/2018:15:48:05 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201, 116.211.x.3, 118.178.x.115 100.116.x.170 - - [07/Jan/2018:15:48:05 +0800] "GET / HTTP/1.0" 200 3
120.24.x.201, 116.211.x.18, 120.27.x.52 100.116.x.164 - - [07/Jan/2018:15:48:06 +0800] "GET / HTTP/1.0" 200 3
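
The log lines in both confirmation sections carry the whole X-Forwarded-For list, and only the entries appended by the site's own proxies can be relied on; anything further left is whatever the client sent. As an added example (not part of the original article), this Python code picks the real client from a line in the "%{X-Forwarded-For}i %h ..." layout by walking the list right to left and stopping at the first address outside the trusted proxy ranges, the same right-to-left rule mod_remoteip applies when RemoteIPHeader and its trusted-proxy directives are configured. Assumptions: the TRUSTED ranges, the function names and every sample line are constructed for illustration.

```python
import ipaddress
import re

# Assumption: 100.64.0.0/10 = SLB peers (100.116.x.x in the logs); others constructed.
TRUSTED = [ipaddress.ip_network(n) for n in
           ("100.64.0.0/10", "198.51.100.0/24", "192.0.2.0/24")]

# Layout written by: LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" ..."
LINE_RE = re.compile(r'^(?P<xff>.*?)\s+(?P<peer>\S+)\s+\S+\s+\S+\s+'
                     r'\[\d{2}/\w{3}/\d{4}:[\d:]{8} [+-]\d{4}\]\s+"')

def is_trusted(addr):
    return any(addr in net for net in TRUSTED)

def real_client_ip(xff_field, peer):
    """Return the right-most address that is not one of our own proxies."""
    try:
        if not is_trusted(ipaddress.ip_address(peer)):
            return peer      # not from our proxy: the header is client-supplied
    except ValueError:
        return peer          # hostname or garbage in %h: nothing to verify
    candidate = peer
    hops = [] if xff_field.strip() == "-" else xff_field.split(",")
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop.strip())
        except ValueError:
            break            # malformed entry: stop at the last verified hop
        candidate = str(addr)
        if not is_trusted(addr):
            break            # first hop we do not control is the client
    return candidate

def client_from_log_line(line):
    m = LINE_RE.match(line)
    return real_client_ip(m.group("xff"), m.group("peer")) if m else None

# Constructed sample lines (documentation addresses), not taken from the article.
TAIL = ' - - [07/Jan/2018:15:48:05 +0800] "GET / HTTP/1.0" 200 3'
SAMPLES = {
    "one layer": "203.0.113.7 100.116.0.5" + TAIL,
    "two layers": "203.0.113.7, 198.51.100.9 100.116.0.6" + TAIL,
    "three layers": "203.0.113.7, 192.0.2.12, 198.51.100.33 100.116.0.7" + TAIL,
    "client-supplied entry": "10.9.9.9, 203.0.113.7, 198.51.100.9 100.116.0.8" + TAIL,
    "direct, bypassing SLB": "10.9.9.9 203.0.113.50" + TAIL,
}
if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(f"{name:24} -> {client_from_log_line(line)}")
```

In the last two samples the left-most entry is not the address that is returned, which is why access control or rate limiting should not key on the first X-Forwarded-For value.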

Appendix

Obtaining the real IP in Nginx
