Under normal circumstances, a request does not travel directly from the user’s browser to the server; a CDN, a WAF, or a high-defense (anti-DDoS) service may be deployed in between. For example, with the following architecture: User > CDN/WAF/high defense > origin server. So, after passing through multiple layers of proxies, how does the server get the IP address of the real client that initiated the request?

When a transparent proxy server forwards a user’s HTTP request to the next server, it adds an “X-Forwarded-For” field to the HTTP header that carries the user’s real IP address, in the format “X-Forwarded-For: real IP address of the visitor, proxy server 1-IP, proxy server 2-IP, proxy server 3-IP, …”.

Therefore, the real IP address of a visitor is obtained by taking the first IP address in X-Forwarded-For.

If you use the Web Application Firewall (WAF) service, you can obtain the real IP addresses of visitors directly through the WAF service or by configuring the Web server. This section describes how to obtain the real IP address through WAF, and how to configure X-Forwarded-For on Tomcat, Apache, Nginx, and IIS servers to obtain the real IP address.

Obtaining the real IP address directly through WAF

By default, the WAF provides the function of obtaining the real IP address of the client. You can use either of the following methods to obtain the source IP address of the client:

  • The WAF service obtains the real IP address of the client using X-Forwarded-For.

The WAF places the real client IP address in the X-Forwarded-For field of the HTTP header, in the following format:

X-Forwarded-For: real IP address of the user, proxy server 1-IP, proxy server 2-IP, …

When this method is used to obtain the real IP address of the client, the first IP address obtained is the real IP address of the client.

The interface for reading the X-Forwarded-For field in each language:

  • ASP:

Request.ServerVariables("HTTP_X_FORWARDED_FOR")

  • ASP.NET (C#):

Request.ServerVariables["HTTP_X_FORWARDED_FOR"]

  • PHP:

$_SERVER["HTTP_X_FORWARDED_FOR"]

  • JSP:

request.getHeader("X-Forwarded-For")

  • The WAF service also supports using the X-Real-IP variable to obtain the client’s source IP address. This takes into account changes made to the variable by the layers of reverse proxies that the request passes through afterwards.

The interface for reading the X-Real-IP field in each language:

  • ASP:

Request.ServerVariables("HTTP_X_REAL_IP")

  • ASP.NET (C#):

Request.ServerVariables["HTTP_X_REAL_IP"]

  • PHP:

$_SERVER["HTTP_X_REAL_IP"]

  • JSP:

request.getHeader("X-Real-IP")
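
The first address in X-Forwarded-For is only as reliable as the proxy that wrote it, because anything a client sends in that header arrives in front of the addresses the proxies append. The following added example (not code from the original article) compares the first-address rule with a right-to-left walk that skips known proxies. TRUSTED_PROXIES, the sample addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed values: stand-ins for the WAF/CDN back-to-source ranges.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "10.0.0.0/8")]


def parse_hop(token):
    """Parse one X-Forwarded-For element; return None if it is not an IP."""
    token = token.strip()
    if token.startswith("["):                  # "[2001:db8::1]:443"
        token = token[1:].split("]", 1)[0]
    elif token.count(":") == 1:                # "203.0.113.7:51234"
        token = token.split(":", 1)[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def is_trusted(ip, trusted=TRUSTED_PROXIES):
    return any(ip in net for net in trusted)


def leftmost_ip(xff):
    """The rule as stated above: the first element of the header."""
    ip = parse_hop(xff.split(",")[0]) if xff else None
    return str(ip) if ip else None


def client_ip(xff, peer, trusted=TRUSTED_PROXIES):
    """Walk the chain right to left and return the first hop that is not a
    trusted proxy. `peer` is the TCP peer address seen by the origin."""
    peer_ip = ipaddress.ip_address(peer)
    if not is_trusted(peer_ip, trusted):
        return str(peer_ip)        # not from the WAF: the header proves nothing
    for token in reversed([t for t in (xff or "").split(",") if t.strip()]):
        hop = parse_hop(token)
        if hop is None:
            return None            # malformed element: refuse to guess
        if not is_trusted(hop, trusted):
            return str(hop)
    return str(peer_ip)            # every hop was a trusted proxy
```

When the WAF overwrites rather than appends to the header, both functions return the same address; they differ only when the chain contains an element the proxies did not write.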

How does Tomcat obtain the IP address of the real client in the access logs? (Recommended)

If a Tomcat server is deployed, enable the X-Forwarded-For function of the Tomcat server to obtain the real IP addresses of visitors.

  • Open the server.xml file (tomcat/conf/server.xml). The AccessLogValve logging configuration reads as follows:

<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
  <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
         prefix="localhost_access_log." suffix=".txt"
         pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>

  • Add %{X-Forwarded-For}i to the pattern. The revised server.xml file is as follows:

<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
  <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
         prefix="localhost_access_log." suffix=".txt"
         pattern="%{X-Forwarded-For}i %h %l %u %t &quot;%r&quot; %s %b" />
</Host>

  • Check the localhost_access_log file to obtain the visitor’s real IP address from the X-Forwarded-For field.

How does Apache obtain the IP address of a real client from the access log

If an Apache server is deployed at the origin site, install the third-party Apache module mod_rpaf and modify the httpd.conf file to obtain the client IP address.

  • Run the following command to install a third-party Apache module mod_rpaf.

wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz
tar xvfz mod_rpaf-0.6.tar.gz
cd mod_rpaf-0.6
/usr/local/apache/bin/apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c

  • Open the httpd.conf configuration file and modify the file as follows:

## Load the mod_rpaf module
LoadModule rpaf_module modules/mod_rpaf-2.0.so
<IfModule mod_rpaf.c>
RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1 <reverse proxy IPs>
RPAFheader X-Forwarded-For
</IfModule>

  • Define the log format.

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" common

  • Enable custom format logs.

CustomLog "/[apache directory]/logs/$access.log" common

  • Restart Apache for the configuration to take effect.

/[apache directory]/httpd/bin/apachectl restart

  • View the access.log file to obtain the visitor’s real IP address from the X-Forwarded-For field.
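
An added example (not part of the original article) that reads the X-Forwarded-For field back out of access logs written with the Tomcat pattern and the Apache LogFormat shown above, counts requests per first address, and flags lines that deserve a closer look. The log lines and addresses are constructed samples, and the function and pattern names are illustrative.

```python
import ipaddress
import re
from collections import Counter

# Fields shared by both formats: %l %u %t "%r" %s %b
_TAIL = (r'(?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
         r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)')
# Tomcat pattern: %{X-Forwarded-For}i %h %l %u %t "%r" %s %b
TOMCAT = re.compile(r'^(?P<xff>.*?) (?P<peer>\S+) ' + _TAIL)
# Apache LogFormat: %{X-Forwarded-For}i %l %u %t "%r" %>s %b "referer" "agent"
APACHE = re.compile(r'^(?P<xff>.*?) ' + _TAIL)


def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def audit(lines, pattern):
    """Return (requests per first X-Forwarded-For address, flagged lines)."""
    per_client, flagged = Counter(), []
    for number, line in enumerate(lines, 1):
        match = pattern.match(line)
        if not match:
            flagged.append((number, "unparseable"))
            continue
        hops = [hop.strip() for hop in match.group("xff").split(",")]
        if hops == ["-"]:          # header absent: request carried no proxy chain
            flagged.append((number, "no X-Forwarded-For"))
        elif not all(is_ip(hop) for hop in hops):
            flagged.append((number, "non-IP element"))
        else:
            per_client[hops[0]] += 1
    return per_client, flagged


# Constructed sample lines (documentation address ranges), Tomcat format.
SAMPLE_TOMCAT = [
    '203.0.113.7, 198.51.100.20 10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.7, 198.51.100.20 10.0.0.5 - - [10/Oct/2023:13:55:37 +0000] "GET /a HTTP/1.1" 200 90',
    '- 192.0.2.99 - - [10/Oct/2023:13:56:01 +0000] "GET /b HTTP/1.1" 404 0',
    'unknown, 198.51.100.20 10.0.0.5 - - [10/Oct/2023:13:56:09 +0000] "GET / HTTP/1.1" 200 512',
]
# Constructed sample line, Apache format.
SAMPLE_APACHE = ['203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/8.0"']
```

A line logged with "-" in the X-Forwarded-For position reached the origin without the header, which is worth checking against the expected path through the WAF.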

How does Nginx obtain the IP address of a real client from the access log

If an Nginx reverse proxy is deployed at your origin site, configure the location block on the Nginx reverse proxy; the back-end Web server can then obtain the real IP address of the client through a similar function.

  • Based on the configuration of the origin Nginx reverse proxy, add the following to the corresponding location block of the Nginx reverse proxy to obtain the client IP address.

location ^~ /<uri> {
    proxy_pass ....;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

  • The back-end Web server obtains the real IP address of the client through a similar function.

request.getHeader("X-Forwarded-For")

How does IIS 6 obtain the IP address of a real client from the access log

If an IIS 6 server is deployed at your origin site, you can install the “F5XForwardedFor.dll” plug-in to get the real IP address of the visitor from the IIS 6 server access log.

1. Download and install the “F5XForwardedFor.dll” plug-in.

2. Depending on your server’s operating system version, copy the “F5XForwardedFor.dll” file from the “x86/release” or “x64/release” directory to the specified directory (for example, “C:\ISAPIFilters”), and make sure that the IIS process has access to the directory.

3. Open IIS Manager, right-click the current site, and choose Properties from the shortcut menu. The Properties page is displayed.

4. On the Properties page, switch to ISAPI Filters and click Add. In the dialog box that is displayed, configure the following information:

  • “Filter Name”: “F5XForwardedFor”;
  • “Executable”: full path of “F5XForwardedFor.dll”, for example: “C:\ISAPIFilters\F5XForwardedFor.dll”.

5. Click OK and restart the IIS 6 server.

6. View the IIS 6 server access logs (the default directory is C:\WINDOWS\system32\LogFiles\, and IIS log file names have the .log suffix) to obtain the real IP address carried in X-Forwarded-For.

How does IIS 7 obtain the IP address of a real client from the access log

If an IIS 7 server is deployed at your origin site, you can install the “F5XForwardedFor” module to obtain the real IP address of the visitor from the IIS 7 server access log.

1. Download and install the “F5XForwardedFor” module.

2. Depending on the server operating system version, copy the F5XFFHttpModule.dll and F5XFFHttpModule.ini files from the x86\Release or x64\Release directory to the specified directory (for example, “C:\x_forwarded_for\x86” or “C:\x_forwarded_for\x64”) and ensure that the IIS process has access to the directory.

3. In the IIS server options, double-click Modules. The Modules page is displayed.

4. Click Configure Native Modules. In the dialog box that is displayed, click Register and register the downloaded DLL file.

  • x86 operating system: register module “x_forwarded_for_x86”
    • Name: x_forwarded_for_x86
    • Path: “C:\x_forwarded_for\x86\F5XFFHttpModule.dll”

  • x64 operating system: register module “x_forwarded_for_x64”
    • Name: x_forwarded_for_x64
    • Path: “C:\x_forwarded_for\x64\F5XFFHttpModule.dll”

5. After registration, select the newly registered module (“x_forwarded_for_x86” or “x_forwarded_for_x64”) and click OK.

6. In ISAPI and CGI Restrictions, add the registered DLL file for your operating system and change its restriction to Allowed.

  • x86 operating system:
    • ISAPI or CGI path: “C:\x_forwarded_for\x86\F5XFFHttpModule.dll”
    • Description: x86

  • x64 operating system:
    • ISAPI or CGI path: “C:\x_forwarded_for\x64\F5XFFHttpModule.dll”
    • Description: x64

7. Restart the IIS 7 server for the configuration to take effect.

8. View the IIS 7 server access logs (the default directory is C:\WINDOWS\system32\LogFiles\, and IIS log file names have the .log suffix) to obtain the real IP address carried in X-Forwarded-For.

