Set REMOTE_ADDR to X-Forwarded-For in apache

Notice: this page reproduces a popular StackOverflow question and its answers, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me). Original StackOverflow question: http://stackoverflow.com/questions/2247352/

Time: 2020-09-13 18:46:11  Source: igfitidea

apache http cgi

Asked by tylerl

In a situation where Apache is sitting behind a reverse proxy (such as Squid), the cgi environment variable REMOTE_ADDR gets the address of the proxy rather than the client.

However, the proxy will set a header called X-Forwarded-For to contain the original IP address of the client so that Apache can see it.

The question is, how do we get Apache to replace REMOTE_ADDR with the value in the X-Forwarded-For header so that all of the web applications will transparently see the correct address?

Answered by maciekb

You can use mod_rpaf for that. http://stderr.net/apache/rpaf/

Answered by Ben Last

Note that the X-Forwarded-For header may contain a list of IP addresses if the request has traversed more than one proxy. In this case, you usually want the leftmost IP. You can extract this with a SetEnvIf:

# Capture the leftmost IPv4 address of X-Forwarded-For into XFFCLIENTIP
SetEnvIf X-Forwarded-For "^(\d{1,3}+\.\d{1,3}+\.\d{1,3}+\.\d{1,3}+).*" XFFCLIENTIP=$1

Note the use of $1 to set the XFFCLIENTIP environment variable to hold the contents of the first group in the regex (in the parentheses).

Then you can use the value of the environment variable to set headers (or use it in Apache log formats so that the logs contain the actual client IP).

Answered by tylerl

In addition to mod_rpaf as mentioned before, it appears that mod_extract_forwarded will perform this function as well.

One advantage to mod_extract_forwarded is that it is available from EPEL for RHEL/CentOS servers whereas mod_rpaf is not.

It appears that neither of these two modules allows you to whitelist an entire subnet of proxy servers, which is why the CloudFlare folks created their own plugin: mod_cloudflare which, it should be noted, is not a general-purpose tool like the other two; it contains a hardcoded list of CloudFlare subnets.

Answered by Kirrus

Currently apache module mod_remoteip is the recommended way to do this; rpaf hasn't been reliably maintained, and can cause problems.

Answered by Guiremach

Yes, we can do this.

Just add an auto_prepend_file in your PHP.ini like auto_prepend_file = "c:/prepend.php" and in this file add this:

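<?php
// prepend.php: runs before every script via auto_prepend_file.
// X-Forwarded-For is a client-supplied header unless the proxy overwrites it.
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
}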

You need the MOD_REMOTEIP in apache with RemoteIPHeader X-Real-IP.

Cheers,

Guiremach

Answered by Marten Lehmann

Unfortunately, at the time of this writing, none of the backports and forks at freshports.org, people.apache.org or gist.github.com worked. They were all based on an early alpha version of apache httpd 2.3 which was neither compatible with current versions of 2.2 nor 2.4.

So after hours of wasting time while trying to adjust the backports to create a real working one for httpd 2.2, I decided to move to httpd 2.4. Within httpd 2.4, mod_remoteip works smoothly, even if a load balancer has permanent keepalive connections which it uses to proxy requests from different actual client ip addresses to the backend. I'm not sure if the other modules can handle this situation (changing client ip addresses on each request within the same connection).

Answered by Daniel Miller

Remember that this value can be spoofed. See http://blog.c22.cc/2011/04/22/surveymonkey-ip-spoofing/ for a real-life example with Cross-site Scripting consequences.
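
Added example, not part of any answer on this page: the "leftmost IP" rule and the spoofing warning above can be compared by resolving the client address the way a trusted-proxy check does, walking X-Forwarded-For from right to left and accepting an entry only when the hop that reported it is a known proxy. The networks in TRUSTED_PROXIES and the function names are assumptions made for this sketch.

```python
import ipaddress

# Assumption: our reverse proxies live in these networks (constructed values).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.10/32")]


def is_trusted(addr):
    """True if addr belongs to one of the configured proxy networks."""
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer, xff_header):
    """Resolve the client address from the TCP peer and X-Forwarded-For.

    Each proxy appends the address it received the request from, so the
    rightmost entry was written by the hop closest to us. An entry is
    accepted only while the hop that reported it is a trusted proxy.
    """
    current = ipaddress.ip_address(peer)
    if not xff_header:
        return str(current)
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    for hop in reversed(hops):
        if not is_trusted(current):
            break  # entries further left were supplied by an unverified party
        try:
            current = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
    return str(current)


def leftmost(xff_header):
    """The naive 'take the leftmost entry' rule, for comparison."""
    return xff_header.split(",")[0].strip()
```

With a header of `1.2.3.4, 203.0.113.7` arriving from proxy 10.0.0.5, the walk returns 203.0.113.7 (the address the proxy itself observed), while the leftmost rule returns the client-supplied 1.2.3.4.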

Answered by freemanpolys

You can install the module mod_extract_forwarded and set MEFaccept parameter to all.
