使用nginx代理后以及配置https后,如何获取真实的ip地址
Date:2018-8-27 14:15:51
使用nginx, apache等反向代理后,如果想获取请求的真实ip,要在nginx中配置,把当前请求的ip等信息携带去请求应用服务。
1.配置nginx的https servler
- nginx.conf配置
server { listen 80; server_name edudemo.XXX.com; # 如果配置了下面的rewrite,下面的location就没用了,会直接转发到下面的https去请求 rewrite ^(.*)$ https://$host$1 permanent; location / { proxy_pass https://edudemo.XXX.com; proxy_set_header Host $host; proxy_set_header X-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }}server { listen 443; server_name edudemo.XXX.com; ssl on; root html; index index.html index.htm; ssl_certificate cert/214421564860931.pem; ssl_certificate_key cert/214421564860931.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { proxy_pass http://127.0.0.1:8083; # 获取请求的host proxy_set_header Host $host; # 获取请求的ip地址 proxy_set_header X-real-ip $remote_addr; # 获取请求的多级ip地址,当请求经过多个反向代理时,会获取多个ip,英文逗号隔开 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }} 2.代码中获取真实的ip地址
/** * 获取请求主机IP地址,如果通过代理进来,则透过防火墙获取真实IP地址; * * @param request * @return * @throws IOException */ public final static String getIpAddress(HttpServletRequest request) throws IOException { // 获取nginx代理前的ip地址 String ip = request.getHeader("X-real-ip"); if (logger.isInfoEnabled()) { logger.info("getIpAddress(X-real-ip) - X-real-ip - String ip=" + ip); } // 获取所有代理记录的ip地址 String refererIps = request.getHeader("x-forwarded-for"); String[] split = refererIps.trim().split(","); if (split != null && split.length >= 2) { // 获取请求最开始的ip ip = split[0]; logger.info("getIpAddress(x-forwarded-for) - x-forwarded-for - String ip=" + refererIps); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("Proxy-Client-IP"); if (logger.isInfoEnabled()) { logger.info("getIpAddress(HttpServletRequest) - Proxy-Client-IP - String ip=" + ip); } } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("WL-Proxy-Client-IP"); if (logger.isInfoEnabled()) { logger.info("getIpAddress(HttpServletRequest) - WL-Proxy-Client-IP - String ip=" + ip); } } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("HTTP_CLIENT_IP"); if (logger.isInfoEnabled()) { logger.info("getIpAddress(HttpServletRequest) - HTTP_CLIENT_IP - String ip=" + ip); } } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("HTTP_X_FORWARDED_FOR"); if (logger.isInfoEnabled()) { logger.info("getIpAddress(HttpServletRequest) - HTTP_X_FORWARDED_FOR - String ip=" + ip); } } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getRemoteAddr(); if (logger.isInfoEnabled()) { logger.info("getIpAddress(HttpServletRequest) - getRemoteAddr - String ip=" + ip); } } } else if (ip.length() > 15) { String[] ips = ip.split(","); for (int index = 0; index < ips.length; index++) { String strIp = (String) ips[index]; if (!("unknown".equalsIgnoreCase(strIp))) { ip = strIp; break; } } } logger.info("final request ip : {}", ip); return ip; } 获取到真实的ip后就可以去对用户进行限制了,ip访问次数限制,ip黑名单过滤。。。
参考:https://www.cnblogs.com/zhanghaoh/p/5293158.html