這里我們在生產中遇到一個問題就是。我們有的用戶會登錄失敗。但是並不是所有的用戶登錄失敗(這里是能夠正常訪問網站)
所以這里想分析哪些用戶登錄失敗,所以我們要記錄他們這些登錄失敗的IP地址
這里我們的結構是這樣的,前端的代理用的是haproxy
后端的是java 程序
所以我們要在ha里配置,讓后端能夠取到用戶的真實IP地址
所以我們的配置就是
option http-server-close
option forwardfor
后端的代碼里去head頭里的X-Forwarded-For字段
參考鏈接是https://gist.github.com/PiBa-NL/d826e0d6b35bbe4a5fc3
To send the ip addres of the client/webbrowser to the server/webserver behind it there are a few options:
1- option forwardfor
2- send-proxy
3- source 0.0.0.0 usesrc clientip
1- option forwardfor
This is an easy option to configure in haproxy, it does require that http layer7 processing is used 'mode http' and the webserver/ webapplication that wants to log or use the ip of the client must use the http-header 'X-Forwarded-For' to read the clientip.
2- send-proxy / send-proxy-v2 / send-proxy-*
This is can be used both with mode tcp and http, it does however require that the server also understands the proxyprotocol. Some applications have added support for this protocol which adds a few bytes with ip information before the actual request.
3- source 0.0.0.0 usesrc clientip
This allows any application and any protocol to be used and see the actual client ip as the origin from the incomming connection.
It does however require to configure IPTABLES or IPFW or other firewall rules to capture reply-traffic, also the haproxy machine must be the defaultroute for the return traffic from the (web-)server.
參考文檔是:
https://www.haproxy.com/doc/aloha/7.0/haproxy/http_rewriting.html#add-a-header-to-the-request