7 ways to get visitors’ real IP, learn quickly!!!

Time:2021-2-26

Usually, website access is not simply from the user’s browser to the server. CDN, WAF and advanced defense may be deployed in the middle. For example, the architecture of “user > CDN / WAF / advanced defense > origin server” is adopted. Then, after multi-layer proxy, how can the server obtain the real client IP that initiated the request?

When a transparent proxy server transfers a user’s HTTP request to the next server, it will add an “x-forward-for” record in the HTTP header to record the user’s real IP in the form of “x-forward-for: Visitor‘s real IP, proxy server 1-ip, proxy server 2-ip, proxy server 3-ip,…”.

Therefore, the visitor’s real IP can be obtained by“X-Forwarded-For”Corresponding to the first IP.

If you have used the web application firewall service, you can obtain the real IP of visitors directly through the WAF service, or you can obtain the real IP of visitors by configuring the website server. The following describes the method of obtaining real IP directly through WAF, as well as the corresponding x-forward-for configuration scheme and the method of obtaining real IP for tomcat, Apache, nginx and IIS servers.

Get real IP directly through WAF

By default, WAF provides the function of obtaining the client’s real IP. The following two methods are recommended to obtain the client’s source IP. According to your needs, you can choose one of the two methods:

  • WAF service uses x-forward-for to obtain the real IP address of the client.

The real client IP will be placed in the x-forward-for field of the HTTP header by the WAF service. The format is as follows:

X-forward-for: user real IP, proxy 1-ip, proxy 2-ip

When using this method to obtain the real IP of the client, the first address obtained is the real IP of the client.

Various languages obtain the x-forward-for field by calling the SDK interface

  • ASP:

Request.ServerVariables(“HTTP_X_FORWARDED_FOR”)

  • ASP.NET(C#)

Request.ServerVariables[“HTTP_X_FORWARDED_FOR”]

  • PHP:

$_SERVER[“HTTP_X_FORWARDED_FOR”]

  • JSP:

request.getHeader(“HTTP_X_FORWARDED_FOR”)

  • WAF service also supports the use of x-real-ip variable to obtain the customer’s source IP (considering the modification of the variable by the multi-layer reverse proxy).

Various languages obtain the x-real-ip field by calling the SDK interface

  • ASP:

Request.ServerVariables(“HTTP_X_REAL_IP”)

  • ASP.NET(C#)

Request.ServerVariables[“HTTP_X_REAL_IP”]

  • PHP:

$_SERVER[“HTTP_X_REAL_IP”]

  • JSP:

request.getHeader(“HTTP_X_REAL_IP”)

How does Tomcat get the IP address of the real client in the access log (personal recommendation)

If you deploy Tomcat server in your source site, you can obtain the real IP address of visitors by enabling the x-forward-for function of Tomcat.

  • open server.xml File (“Tomcat / conf/ server.xml ”)The content of accesslogvalve logging function is as follows:

<Host name=”localhost” appBase=”webapps” unpackWARs=”true” autoDeploy=”true”>

<Valve className=”org.apache.catalina.valves.AccessLogValve” directory=”logs”

prefix=”localhost_access_log.” suffix=”.txt”

pattern=”%h %l %u %t “%r” %s %b” />

  • Add “% {x-forward-ip} I” to the pattern, and the modified server.xml For:

<Host name=”localhost” appBase=”webapps” unpackWARs=”true” autoDeploy=”true”>

<Valve className=”org.apache.catalina.valves.AccessLogValve” directory=”logs”

prefix=”localhost_access_log.” suffix=”.txt”

pattern=“%{X-Forwarded-For}i %h %l %u %t “%r” %s %b” />

</Host>

  • View localhost_ access_ Log file to obtain the real IP address of the visitor corresponding to x-forward-for.

How does Apache get the IP address of the real client in the access log

If your source station has deployed Apache server, you can install mod, the third-party module of Apache, by running the command_ RPAF, and modify http.conf File to get the customer IP address.

  • Execute the following command to install mod, a third-party module of Apache_ rpaf。

wget http://stderr.net/apache/rpaf…_rpaf-0.6.tar.gz

tar xvfz mod_rpaf-0.6.tar.gz

cd mod_rpaf-0.6

/usr/local/apache/bin/apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c

  • open httpd.conf Configure the file, and modify the content of the file as follows:

LoadModule rpaf_ module modules/mod_ Rpaf-2.0.so loading Mod_ RPAF module

<IfModule mod_rpaf.c>

RPAFenable On

RPAFsethostname On

RPAFproxy_ IPS 127.0.0.1 < reverse proxy IPS >

RPAFheader X-Forwarded-For

</IfModule>

  • Define the log format.

LogFormat “%{X-Forwarded-For}i %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\”” common

  • Enable custom format logging.

CustomLog ‘/ [Apache directory] / logs/$ access.log ” common

  • Restart Apache to make the configuration take effect.

/[Apache directory] / httpd / bin / Apache CTL restart

  • see access.log Log file to obtain the real IP address of the visitor corresponding to x-forward-for.

How does nginx get the IP address of the real client in the access log

If your source station has deployed nginx reverse proxy, you can configure the location information in nginx reverse proxy, and the back-end web server can obtain the customer’s real IP address through similar functions.

  • According to the configuration of nginx reverse proxy in the source station, configure the following contents in the corresponding location of nginx reverse proxy to obtain the information of customer IP.

Location ^ /<uri> {

proxy_pass ….;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

}

  • The back-end web server obtains the client’s real IP through similar functions.

request.getAttribute(“X-Forwarded-For“)

How does IIS 6 get the IP address of the real client in the access log

If IIS 6 server is deployed in your source site, you can install “F5” server XForwardedFor.dll ”Plug in to get the real IP address of visitors from the access log recorded by IIS 6 server.

1. Download and install F5 XForwardedFor.dll ”Plug in.

2. According to the version of your server’s operating system, “F5” in the “x86 release” or “x64 release” directory XForwardedFor.dll ”Copy the file to the specified directory (for example, “C):” isapifilters “) and ensure that the IIS process has read access to the directory.

3. Open IIS manager, find the currently open website, right-click on the website and select “properties” to open the “properties” page.

4. On the property page, switch to ISAPI filter, click add, and in the pop-up window, configure the following information:

  • “Filter name”: “f5xforwardedfor”;
  • “Executable file”: “F5” XForwardedFor.dll ”The full path of the, for example: “C: \” isapifilters \ “F5 XForwardedFor.dll ”。

5. Click OK to restart IIS 6 server.

6. View the access log recorded by IIS 6 server (the default log path is “C: / / Windows / system32 / logfiles \”, and the file name of IIS log takes “. Log” as the suffix)X-Forwarded-ForThe real IP address of the corresponding visitor.

How does IIS 7 get the IP address of the real client in the access log

If IIS 7 server is deployed in your source site, you can get the real IP address of visitors from the access log recorded by IIS 7 server by installing “f5xforwarded for” module.

1. Download and install the “f5xforwarded for” module.

2. According to the version of the server’s operating system, “F5” in the directory of “x86 / release” or “x64 / release” will be deleted XFFHttpModule.dll ”And “F5” XFFHttpModule.ini ”Copy the file to the specified directory (for example, “C:: X_ forwarded_ “For x86” or “C:: X”_ forwarded_ And make sure that the IIS process has read access to the directory.

3. In the selection of IIS server, double-click “module” to enter the “module” interface.

4. Click “configure native module”, in the pop-up dialog box, click “register”, select “register module” according to the operating system to register the downloaded DLL file.

  • X86 operating system: registering module “X”_ forwarded_ for_ x86”
  • Name: X_ forwarded_ for_ x86
  • Path: “C::” X “_ forwarded_ for\x86\F5 XFFHttpModule.dll ”
  • X64 operating system: register module “X”_ forwarded_ for_ x64”
  • Name: X_ forwarded_ for_ x64
  • Path: “C::” X “_ forwarded_ for\x64\F5 XFFHttpModule.dll ”

5. After registration, check the newly registered module (“X”)_ forwarded_ for_ X86 “or” X “_ forwarded_ for_ X64) and click OK.

6. In “ISAPI and CGI restrictions”, add registered DLL files by operating system, and change “restrictions” to “allowed”.

  • X86 operating system:
  • ISAPI or CGI path: “C:: X_ forwarded_ for\x86\F5 XFFHttpModule.dll ”
  • Description: x86
  • X64 operating system:
  • ISAPI or CGI path: “C:: X_ forwarded_ for\x64\F5 XFFHttpModule.dll ”
  • Description: x64

7. Restart IIS 7 server and wait for the configuration to take effect.

8. View the access log recorded by IIS 7 server (the default log path is “C: / / Windows / system32 / logfiles \”, and the file name of IIS log takes “. Log” as the suffix)X-Forwarded-ForThe real IP address of the corresponding visitor.

Click follow to learn about Huawei’s new cloud technology for the first time~