使用nginx代理后以及配置https后,如何获取真实的ip地址
Date:2018-8-27 14:15:51
使用nginx, apache等反向代理后,如果想获取请求的真实ip,要在nginx中配置,把当前请求的ip等信息携带去请求应用服务。
1.配置nginx的https servler
- nginx.conf配置
server {
listen 80;
server_name edudemo.XXX.com;
# 如果配置了下面的rewrite,下面的location就没用了,会直接转发到下面的https去请求
rewrite ^(.*)$ https://$host$1 permanent;
location / {
proxy_pass https://edudemo.XXX.com;
proxy_set_header Host $host;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 443;
server_name edudemo.XXX.com;
ssl on;
root html;
index index.html index.htm;
ssl_certificate cert/214421564860931.pem;
ssl_certificate_key cert/214421564860931.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:8083;
# 获取请求的host
proxy_set_header Host $host;
# 获取请求的ip地址
proxy_set_header X-real-ip $remote_addr;
# 获取请求的多级ip地址,当请求经过多个反向代理时,会获取多个ip,英文逗号隔开
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
2.代码中获取真实的ip地址
/**
* 获取请求主机IP地址,如果通过代理进来,则透过防火墙获取真实IP地址;
*
* @param request
* @return
* @throws IOException
*/
public final static String getIpAddress(HttpServletRequest request) throws IOException {
// 获取nginx代理前的ip地址
String ip = request.getHeader("X-real-ip");
if (logger.isInfoEnabled()) {
logger.info("getIpAddress(X-real-ip) - X-real-ip - String ip=" + ip);
}
// 获取所有代理记录的ip地址
String refererIps = request.getHeader("x-forwarded-for");
String[] split = refererIps.trim().split(",");
if (split != null && split.length >= 2) {
// 获取请求最开始的ip
ip = split[0];
logger.info("getIpAddress(x-forwarded-for) - x-forwarded-for - String ip=" + refererIps);
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("Proxy-Client-IP");
if (logger.isInfoEnabled()) {
logger.info("getIpAddress(HttpServletRequest) - Proxy-Client-IP - String ip=" + ip);
}
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("WL-Proxy-Client-IP");
if (logger.isInfoEnabled()) {
logger.info("getIpAddress(HttpServletRequest) - WL-Proxy-Client-IP - String ip=" + ip);
}
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("HTTP_CLIENT_IP");
if (logger.isInfoEnabled()) {
logger.info("getIpAddress(HttpServletRequest) - HTTP_CLIENT_IP - String ip=" + ip);
}
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("HTTP_X_FORWARDED_FOR");
if (logger.isInfoEnabled()) {
logger.info("getIpAddress(HttpServletRequest) - HTTP_X_FORWARDED_FOR - String ip=" + ip);
}
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getRemoteAddr();
if (logger.isInfoEnabled()) {
logger.info("getIpAddress(HttpServletRequest) - getRemoteAddr - String ip=" + ip);
}
}
} else if (ip.length() > 15) {
String[] ips = ip.split(",");
for (int index = 0; index < ips.length; index++) {
String strIp = (String) ips[index];
if (!("unknown".equalsIgnoreCase(strIp))) {
ip = strIp;
break;
}
}
}
logger.info("final request ip : {}", ip);
return ip;
}
获取到真实的ip后就可以去对用户进行限制了,ip访问次数限制,ip黑名单过滤。。。