我有一个位于负载均衡器后面的网络服务器,我试图让日志的第一个值是
$http_x_forwarded_for$remote_addr$http_x_forwarded_for我尝试了以下方法但没有成功:
set $realip $http_x_forwarded_for;
if ($http_x_forwarded_for ~ "") {
set $realip $remote_addr;
}
fastcgi_param REMOTE_ADDR $realip;
以及
set $realip $remote_addr;
if ($http_x_forwarded_for ~ "^(\d+\.\d+\.\d+\.\d+)") {
set $realip $1;
}
fastcgi_param REMOTE_ADDR $realip;
(如果我直接点击盒子,这两种方法都只会记录正确的IP,所有负载均衡点击都显示负载均衡器的IP而不是转发的IP)
我也尝试过
map $http_x_forwarded_for $forwardexists {
~*^(?![\s\S]) $http_x_real_ip; ## also tried ~"" and just "" to match empty
default $http_x_forwarded_for;
}
log_format forwardedIP '$forwardexists $remote_user [$time_local] '
'"$request" $status $body_bytes_sent "$http_referer" '
'"$http_user_agent"' ;
然后使用
forwardedIP有什么方法可以实现我想要的吗?
UGH终于弄清楚了,我需要使用:
map $http_x_forwarded_for $forwardexists {
"" $remote_addr;
default $http_x_forwarded_for;
}
正确的做法是在 nginx 中设置 real_ip_header 配置。
受信任的 HTTP 代理 IP 示例:
set_real_ip_from 127.0.0.1/32;
real_ip_header X-Forwarded-For;
这样,$_SERVER['REMOTE_ADDR']将在PHP fastcgi中正确填写。