php Nginx 用 X-Forwarded-For 替换 REMOTE_ADDR
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/25929599/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Nginx replace REMOTE_ADDR with X-Forwarded-For
提问by Reverb
I am quite new to Nginx, and it seems all so confusing. I have my server setup perfectly, but the problem is, since my server is protected using a HTTP proxy; instead of logging the real users IP's, it's logging the proxy server IP.
我对 Nginx 很陌生,这似乎很令人困惑。我的服务器设置完美,但问题是,因为我的服务器使用 HTTP 代理进行保护;它不是记录真实用户的 IP,而是记录代理服务器 IP。
What I tried doing was setting $_SERVER['REMOTE_ADDR'];to $_SERVER['X-Forwarded-For'];but I'm getting a undefined index error, so I'm guessing I have to define X-Forwarded-Forin Nginx? But I am not aware how to do so, I have a simple setup, it's just Nginx with PHP. Nothing more, nothing less.
我尝试做的是设置$_SERVER['REMOTE_ADDR'];为$_SERVER['X-Forwarded-For'];但我收到未定义的索引错误,所以我猜我必须X-Forwarded-For在 Nginx 中定义?但我不知道该怎么做,我有一个简单的设置,它只是带有 PHP 的 Nginx。不多也不少。
I've searched all over the web, but can't actually find some information that is friendly to understand.
我已经在网上搜索了所有内容,但实际上找不到一些易于理解的信息。
I have access to the source code, if that somewhat helps. I've tried many solutions, but to no avail.
如果有帮助的话,我可以访问源代码。我尝试了很多解决方案,但都无济于事。
回答by Razvan Grigore
The correct way of doing this is by setting the real_ip_headerconfiguration in nginx.
正确的做法是real_ip_header在nginx中设置配置。
Example with trusted HTTP proxy IP:
具有可信 HTTP 代理 IP 的示例:
set_real_ip_from 127.0.0.1/32;
real_ip_header X-Forwarded-For;
This way, the $_SERVER['REMOTE_ADDR'] will be correctly filled up in PHP fastcgi.
这样,$_SERVER['REMOTE_ADDR'] 将在 PHP fastcgi 中正确填充。
回答by fredrik
$http_x_forwared_formight contain multiple ip addresses, where the first one should be the client ip. REMOTE_ADDRshould only be the client ip.
$http_x_forwared_for可能包含多个 ip 地址,其中第一个应该是客户端 ip。REMOTE_ADDR应该只是客户端IP。
So by using regex in your nginx.conf, you can set REMOTE_ADDRto the first ip of $http_x_forwarded_forlike so:
因此,通过在您的 中使用正则表达式nginx.conf,您可以像这样设置REMOTE_ADDR第一个 ip $http_x_forwarded_for:
set $realip $remote_addr;
if ($http_x_forwarded_for ~ "^(\d+\.\d+\.\d+\.\d+)") {
set $realip ;
}
fastcgi_param REMOTE_ADDR $realip;
回答by antonbormotov
An addition to @fredrik's answer.
It might be better to set $real_ipusing mapdirective:
对@fredrik 的回答的补充。
设置$real_ipusingmap指令可能更好:
map $http_x_forwarded_for $real_ip {
~^(\d+\.\d+\.\d+\.\d+) ;
default $remote_addr;
}
Then, set fastcgi_param REMOTE_ADDRin fastcgi_paramsfile or a location block:
然后,fastcgi_param REMOTE_ADDR在fastcgi_params文件或位置块中设置:
fastcgi_param REMOTE_ADDR $real_ip;
edit: Typo fixed in variable name
编辑:在变量名称中修复了错别字
回答by Reverb
I solved my own problem, since PHP gets filtered through FastCGI, I simply added a fast CGI param which set REMOTE_ADDRto the variable http_x_forwarded_for, so something similar to this:
我解决了我自己的问题,因为 PHP 是通过 FastCGI 过滤的,所以我只是添加了一个设置REMOTE_ADDR为变量的快速 CGI 参数http_x_forwarded_for,因此类似于以下内容:
fastcgi_param REMOTE_ADDR $http_x_forwarded_for;
