您的位置: 首页  >  IT文章  >  使用nginx代理后以及配置https后,如何获取真实的ip地址 使用nginx代理后以及配置https后,如何获取真实的ip地址

使用nginx代理后以及配置https后,如何获取真实的ip地址 使用nginx代理后以及配置https后,如何获取真实的ip地址

分类: IT文章 2023-10-27 16:40:40

Date:2018-8-27 14:15:51

使用nginx, apache等反向代理后,如果想获取请求的真实ip,要在nginx中配置,把当前请求的ip等信息携带去请求应用服务。

1.配置nginx的https servler

  • nginx.conf配置
server {
        listen       80;
        server_name  edudemo.XXX.com;
    	# 如果配置了下面的rewrite,下面的location就没用了,会直接转发到下面的https去请求
		rewrite ^(.*)$ https://$host$1 permanent;
        location / {
            proxy_pass   https://edudemo.XXX.com;
            proxy_set_header Host $host;
            proxy_set_header X-real-ip $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
}


server {
    listen 443;
    server_name edudemo.XXX.com;
    ssl on;
    root html;
    index index.html index.htm;
    ssl_certificate   cert/214421564860931.pem;
    ssl_certificate_key  cert/214421564860931.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass   http://127.0.0.1:8083;
        # 获取请求的host
		proxy_set_header Host $host;
        # 获取请求的ip地址
		proxy_set_header X-real-ip $remote_addr;
        # 获取请求的多级ip地址,当请求经过多个反向代理时,会获取多个ip,英文逗号隔开
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

2.代码中获取真实的ip地址

    /**
     * 获取请求主机IP地址,如果通过代理进来,则透过防火墙获取真实IP地址;
     * 
     * @param request
     * @return
     * @throws IOException
     */
    public final static String getIpAddress(HttpServletRequest request) throws IOException {
        // 获取nginx代理前的ip地址
        String ip = request.getHeader("X-real-ip");
        if (logger.isInfoEnabled()) {
            logger.info("getIpAddress(X-real-ip) - X-real-ip - String ip=" + ip);
        }
        // 获取所有代理记录的ip地址
        String refererIps = request.getHeader("x-forwarded-for");
        String[] split = refererIps.trim().split(",");
        if (split != null && split.length >= 2) {
            // 获取请求最开始的ip
            ip = split[0];
            logger.info("getIpAddress(x-forwarded-for) - x-forwarded-for - String ip=" + refererIps);
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
                ip = request.getHeader("Proxy-Client-IP");
                if (logger.isInfoEnabled()) {
                    logger.info("getIpAddress(HttpServletRequest) - Proxy-Client-IP - String ip=" + ip);
                }
            }
            if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
                ip = request.getHeader("WL-Proxy-Client-IP");
                if (logger.isInfoEnabled()) {
                    logger.info("getIpAddress(HttpServletRequest) - WL-Proxy-Client-IP - String ip=" + ip);
                }
            }
            if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
                ip = request.getHeader("HTTP_CLIENT_IP");
                if (logger.isInfoEnabled()) {
                    logger.info("getIpAddress(HttpServletRequest) - HTTP_CLIENT_IP - String ip=" + ip);
                }
            }
            if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
                ip = request.getHeader("HTTP_X_FORWARDED_FOR");
                if (logger.isInfoEnabled()) {
                    logger.info("getIpAddress(HttpServletRequest) - HTTP_X_FORWARDED_FOR - String ip=" + ip);
                }
            }
            if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
                ip = request.getRemoteAddr();
                if (logger.isInfoEnabled()) {
                    logger.info("getIpAddress(HttpServletRequest) - getRemoteAddr - String ip=" + ip);
                }
            }
        } else if (ip.length() > 15) {
            String[] ips = ip.split(",");
            for (int index = 0; index < ips.length; index++) {
                String strIp = (String) ips[index];
                if (!("unknown".equalsIgnoreCase(strIp))) {
                    ip = strIp;
                    break;
                }
            }
        }
        logger.info("final request ip : {}", ip);
        return ip;
    }

获取到真实的ip后就可以去对用户进行限制了,ip访问次数限制,ip黑名单过滤。。。

参考:https://www.cnblogs.com/zhanghaoh/p/5293158.html

相关推荐