Do Node and Express validate certain request fields?

Time: 2021-05-29 05:01:28

I am questioning whether it is required to validate fields like req.ip or req.path server-side.
It boils down to the question: Is it possible for the client to set something like .set('Remote-Addr', <Malicious JavaScript>) and it successfully being propagated to my Node or Express middleware?


Thanks for helping!


1 solution

#1


0  

There is no way to validate source IP, particularly when proxies are involved. In the proxy case, a chain of IP addresses is supposed to be put in HTTP headers, but that can certainly be faked, so what Express thinks is the original IP cannot be trusted. It is likely accurate, but not guaranteed accurate.


req.path is entirely local and does not involve any client headers and is not subject to any client spoofing. It just comes from the actual HTTP request URL that arrives at your server. The only way it wouldn't be the same as the actual request URL is if you were using a mount point for routers in which case the mount point part of the path will have been removed by express. Or perhaps if your own middleware attempted to mess with it.

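As an added example that is not part of the original answer, here is a dependency-free re-implementation of the hop-counting rule Express applies through its `trust proxy` setting (the proxy-addr algorithm) when deriving `req.ip`, next to how `req.path` is derived from the request URL alone. The socket address, the X-Forwarded-For value and the URL are constructed; the functions `addressChain`, `resolveClientIp` and `requestPath` are names chosen here, not Express APIs.

```javascript
// Constructed illustration of how Express resolves req.ip (via proxy-addr's
// hop-counting rule) and req.path; not code from the original answer.

// Build the address chain the way proxy-addr does: the socket address first,
// then the X-Forwarded-For entries from right (nearest proxy) to left
// (the claim furthest from us, which any client can write into the header).
function addressChain(socketAddr, xffHeader) {
  const forwarded = (xffHeader || '')
    .split(',')
    .map((s) => s.trim())
    .filter(Boolean);
  return [socketAddr, ...forwarded.reverse()];
}

// trustProxy mirrors app.set('trust proxy', ...): false trusts no hop,
// true trusts every hop, and a number n trusts the first n hops from the socket.
function resolveClientIp(socketAddr, xffHeader, trustProxy) {
  const chain = addressChain(socketAddr, xffHeader);
  const trusted = (i) =>
    trustProxy === true || (typeof trustProxy === 'number' && i < trustProxy);
  let i = 0;
  // Walk outward from the socket while each hop is trusted; the first untrusted
  // address (or the last entry in the chain) is what req.ip reports.
  while (i < chain.length - 1 && trusted(i)) i += 1;
  return chain[i];
}

// req.path comes from the request line alone; no request header feeds into it.
function requestPath(rawUrl) {
  return new URL(rawUrl, 'http://placeholder.invalid').pathname;
}

// Constructed scenario: the real client 203.0.113.9 sends a forged
// X-Forwarded-For entry (1.2.3.4) through one known reverse proxy at 10.0.0.5,
// which appends the address it actually saw.
const socketAddr = '10.0.0.5';
const xff = '1.2.3.4, 203.0.113.9';
console.log(resolveClientIp(socketAddr, xff, 1));     // 203.0.113.9 (one trusted hop: the real client)
console.log(resolveClientIp(socketAddr, xff, true));  // 1.2.3.4 (trust every hop: the forged value wins)
console.log(resolveClientIp(socketAddr, xff, false)); // 10.0.0.5 (trust nothing: the proxy itself)
console.log(requestPath('/api/users?id=7'));          // /api/users
```

Setting `trust proxy` to the exact number of proxies in front of the app (or their addresses) is what keeps a client-written header entry from becoming `req.ip`.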
