使用nginx代理后以及配置https后,如何獲取真實的ip地址
Date:2018-8-27 14:15:51
使用nginx, apache等反向代理后,如果想獲取請求的真實ip,要在nginx中配置,把當前請求的ip等信息攜帶去請求應用服務。
1.配置nginx的https servler
- nginx.conf配置
server {
listen 80;
server_name edudemo.XXX.com;
# 如果配置了下面的rewrite,下面的location就沒用了,會直接轉發到下面的https去請求
rewrite ^(.*)$ https://$host$1 permanent;
location / {
proxy_pass https://edudemo.XXX.com;
proxy_set_header Host $host;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 443;
server_name edudemo.XXX.com;
ssl on;
root html;
index index.html index.htm;
ssl_certificate cert/214421564860931.pem;
ssl_certificate_key cert/214421564860931.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:8083;
# 獲取請求的host
proxy_set_header Host $host;
# 獲取請求的ip地址
proxy_set_header X-real-ip $remote_addr;
# 獲取請求的多級ip地址,當請求經過多個反向代理時,會獲取多個ip,英文逗號隔開
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
2.代碼中獲取真實的ip地址
/**
* 獲取請求主機IP地址,如果通過代理進來,則透過防火牆獲取真實IP地址;
*
* @param request
* @return
* @throws IOException
*/
public final static String getIpAddress(HttpServletRequest request) throws IOException {
// 獲取nginx代理前的ip地址
String ip = request.getHeader("X-real-ip");
if (logger.isInfoEnabled()) {
logger.info("getIpAddress(X-real-ip) - X-real-ip - String ip=" + ip);
}
// 獲取所有代理記錄的ip地址
String refererIps = request.getHeader("x-forwarded-for");
String[] split = refererIps.trim().split(",");
if (split != null && split.length >= 2) {
// 獲取請求最開始的ip
ip = split[0];
logger.info("getIpAddress(x-forwarded-for) - x-forwarded-for - String ip=" + refererIps);
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("Proxy-Client-IP");
if (logger.isInfoEnabled()) {
logger.info("getIpAddress(HttpServletRequest) - Proxy-Client-IP - String ip=" + ip);
}
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("WL-Proxy-Client-IP");
if (logger.isInfoEnabled()) {
logger.info("getIpAddress(HttpServletRequest) - WL-Proxy-Client-IP - String ip=" + ip);
}
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("HTTP_CLIENT_IP");
if (logger.isInfoEnabled()) {
logger.info("getIpAddress(HttpServletRequest) - HTTP_CLIENT_IP - String ip=" + ip);
}
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("HTTP_X_FORWARDED_FOR");
if (logger.isInfoEnabled()) {
logger.info("getIpAddress(HttpServletRequest) - HTTP_X_FORWARDED_FOR - String ip=" + ip);
}
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getRemoteAddr();
if (logger.isInfoEnabled()) {
logger.info("getIpAddress(HttpServletRequest) - getRemoteAddr - String ip=" + ip);
}
}
} else if (ip.length() > 15) {
String[] ips = ip.split(",");
for (int index = 0; index < ips.length; index++) {
String strIp = (String) ips[index];
if (!("unknown".equalsIgnoreCase(strIp))) {
ip = strIp;
break;
}
}
}
logger.info("final request ip : {}", ip);
return ip;
}
獲取到真實的ip后就可以去對用戶進行限制了,ip訪問次數限制,ip黑名單過濾。。。