如何获取访问者真实IP

<p class="shortdesc">Web应用防火墙对网站做了反向代理,当用户访问Web应用防火墙防护的域名时,在HTTP头部字段中将会添加一条记录用户真实IP的 X-Forwarded-For 记录,其形式为“X-Forwarded-For:访问者的真实IP,代理服务器1-IP, 代理服务器2-IP,代理服务器3-IP,·······。”X-Forwarded-For”对应的第一个IP为访问者的真实IP。</p> <section class="section" id="bestpractices_0003__section_kkt_rct_3mb"><h2 class="doc-tairway">在Waf中直接获取真实IP</h2> <p class="p">您可以直接在Waf中获取访问者的真实IP。</p> <ol class="ol" id="bestpractices_0003__ol_rbk_zct_3mb"> <li class="li">登录<a class="xref" href="/console/pwaf" target="_blank">Web应用防火墙Waf控制台</a>。</li> <li class="li">在<span class="keyword wintitle">概览</span>页面<span class="keyword wintitle">资源状态</span>区域,单击<span class="ph uicontrol">管理</span>。</li> <li class="li">在网站安全防护系统左侧导航栏中,单击<span class="ph menucascade"><span class="ph uicontrol">安全运营</span><abbr> > </abbr><span class="ph uicontrol">日志查询</span></span>。</li> <li class="li">选择<span class="keyword wintitle">访问日志</span>页签或<span class="keyword wintitle">攻击日志</span>页签,在日志列表中即可查看到访问者或攻击者的真实IP信息。<img class="image" id="bestpractices_0003__image_eyt_tn1_jmb" src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20203112110411-17bd6cef9099.jpg" width="830"></li> </ol> </section> <section class="section" id="bestpractices_0003__section_c5z_yns_3mb"><h2 class="doc-tairway">IIS 7 服务器获取真实IP </h2> <p class="p">如果您的源站部署了IIS 7服务器,您可以通过安装“F5XForwardedFor”模块,从IIS 7服务器记录的访问日志中获取访问者真实的IP地址。</p> <div class="p"> <ol class="ol" id="bestpractices_0003__ol_nvq_3ts_3mb"> <li class="li">下载并安装F5XForwardedFor模块。</li> <li class="li">根据您的服务器操作系统版本将“x86\Release”或者“x64\Release”目录中的“F5XFFHttpModule.dll”和“F5XFFHttpModule.ini”文件拷贝到指定目录,例如,“C:\x_forwarded_for\x86”或“C:\x_forwarded_for\x64”,并确保IIS进程对该目录有读取权限。</li> <li class="li">在IIS服务器的选择项中,双击<span class="ph uicontrol">模块</span>。<img class="image" id="bestpractices_0003__image_zmw_5ws_3mb" src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20203112110410-1a96f74b9991.jpg"></li> <li class="li">在<span class="keyword wintitle">模块</span>页面右侧<span class="keyword wintitle">操作</span>区域,单击<span class="ph uicontrol">配置本机模块</span>。<img class="image" id="bestpractices_0003__image_px2_rxs_3mb" src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20203112110410-11dc62699f2c.jpg"></li> <li class="li">在<span class="keyword wintitle">配置本机模块</span>页面,单击<span class="ph uicontrol">注册</span>。<img class="image" id="bestpractices_0003__image_vs1_pxs_3mb" src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20203112110410-1d23f2279c00.jpg"></li> <li class="li">在<span class="keyword wintitle">注册本机模块</span>页面,按照操作系统选择注册模块注册已经下载的DLL文件。<img class="image" id="bestpractices_0003__image_gpq_zxs_3mb" src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20203112110410-19103cfb95a9.jpg"><img class="image" id="bestpractices_0003__image_zn3_1ys_3mb" src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20203112110411-16e39d9c9177.jpg"></li> <li class="li">添加完成后,勾选“x_forwarded_for_x86”或“x_forwarded_for_x64“,单击<span class="ph uicontrol">确定</span>。<img class="image" id="bestpractices_0003__image_yww_kys_3mb" src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20203112110411-1303e2f394dc.jpg"></li> <li class="li">在<span class="keyword wintitle">ISAPI和CGI限制</span>页面中,按操作系统添加已注册的DLL文件,并将其<span class="ph uicontrol">限制</span>列改为<span class="ph uicontrol">允许</span>。</li> <li class="li">重启IIS 7服务器,等待配置生效。</li> <li class="li">查看IIS 7服务器记录的访问日志。默认的日志路径为:“C:\WINDOWS\system32\LogFiles\ ”,IIS日志的文件名称的后缀为“.log”,可获取X-Forwarded-For对应的访问者真实IP。</li> </ol> </div> </section> <section class="section" id="bestpractices_0003__section_asr_11t_3mb"><h2 class="doc-tairway">Apache服务器获取真实IP地址</h2> <div class="p">如果您的源站部署了Apache服务器,运行命令安装Apache的第三方模块mod_rpaf,并修改http.conf文件可获取客户IP地址。<ol class="ol" id="bestpractices_0003__ol_irt_k1t_3mb"> <li class="li">执行以下命令,安装 Apache 第三方模块mod_rpaf。<pre class="pre codeblock"><code>wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz tar xvfz mod_rpaf-0.6.tar.gz cd mod_rpaf-0.6 /usr/local/apache/bin/apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c</code></pre></li> <li class="li">修改 Apache 配置<code class="ph codeph">/etc/httpd/conf/httpd.conf</code><pre class="pre codeblock"><code>LoadModule rpaf_module modules/mod_rpaf-2.0.so //加载mod_rpaf模块 RPAFenable On RPAFsethostname On RPAFproxy_ips IP地址 //反向代理IPs RPAFheader X-Forwarded-For</code></pre></li> <li class="li">执行如下命令,定义日志格式。<pre class="pre codeblock"><code>LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" common</code></pre></li> <li class="li">执行如下命令,启用自定义格式日志。<pre class="pre codeblock"><code>CustomLog "/[apache目录]/logs/$access.log" common</code></pre></li> <li class="li">添加完成后,执行以下命令,重启 Apache。<pre class="pre codeblock"><code>/[apached目录]/httpd/bin/apachectl restart</code></pre></li> <li class="li">查看access.log日志文件,可获取X-Forwarded-For对应的访问者真实IP。</li> </ol></div> </section>
以上内容是否解决了您的问题?
请补全提交信息!
咨询·建议

电话咨询 - 7x24 小时

400-151-8800

邮件咨询

cloud@pingan.com

在线客服

7x24 小时,急速解答

工单支持

解决云产品相关技术问题