当前位置:网站首页>X-forwarded-for details, how to get the client IP
X-forwarded-for details, how to get the client IP
2022-07-06 15:46:00 【Empty one by one】
Let's start with the official definition
X-Forwarded-For
X-Forwarded-For
(XFF) In the process of client accessing the server, if you need to go through HTTP Proxy or load balancing server , It can be used to obtain the information of the client that originally initiated the request IP Address , This news first became the de facto standard . When the message flow is intercepted from the client to the server , The server-side access log can only record the information of the proxy server or load balancing server IP Address . If you want to get the name of the client who originally initiated the request IP Address if , that X-Forwarded-For That's where it comes in .
This message header will be used for debugging and statistics , And generate customized content based on location , According to the design purpose , It will expose certain privacy and sensitive information , For example, the client's IP Address . So when applying the header of this message , The privacy of users needs to be taken into account .
HTTP In the agreement Forwarded It is the standardized version of the first part of this message .
X-Forwarded-For
It is also the first used in an email related agreement , Used to indicate that an email was forwarded from another account .
Header type | Request header |
---|---|
Forbidden header name | no |
grammar
X-Forwarded-For: <client>, <proxy1>, <proxy2> The specific links :X-Forwarded-For - HTTP | MDNX-Forwarded-For (XFF) In the process of client accessing the server, if you need to go through HTTP Proxy or load balancing server , It can be used to obtain the information of the client that originally initiated the request IP Address , This news first became the de facto standard . When the message flow is intercepted from the client to the server , The server-side access log can only record the information of the proxy server or load balancing server IP Address . If you want to get the name of the client who originally initiated the request IP Address if , that X-Forwarded-For That's where it comes in .https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/X-Forwarded-For
Let me use a picture to describe X-Forwarded-For Collection process
There are 6 A step , When a user initiates a website visit , in the light of x-forwarded-for The importance of 5 Nodes have been described ,
An example is user access www.baidu.com
① Convert home LAN to community LAN address , This is also a LAN , Just bigger ;
② Pass the LAN address of the community through SNAT Convert to public address :36.110.25.116;
2-3 Dns The service converts the target address of the access into a specific ip;
③ Network access equipment of the computer room where the accessed service is located ip:220.181.38.148;
④ after waf The server :105.16.35.100;
⑤ Request to reach the company LAN proxy server 101.25.48.201;
Finally, we arrive at the real business server Server. This time from Server Collected on the server X-Forwarded-For The address is as follows :
X-Forwarded-For: 36.110.25.116,220.181.38.148,105.16.35.100,101.25.48.201
client IP proxy-ip proxy-ip proxy-ip
Reference resources
X-Forwarded-For and X-Real-IP The difference between ? - Pig Ah Mei - Blog Garden
边栏推荐
猜你喜欢
随机推荐
信息安全-安全专业名称|CVE|RCE|POC|VUL|0DAY
nodejs爬虫
学习记录:理解 SysTick系统定时器,编写延时函数
Research Report on medical toilet industry - market status analysis and development prospect forecast
基于web的照片数码冲印网站
Learning record: use STM32 external input interrupt
信息安全-威胁检测-NAT日志接入威胁检测平台详细设计
VS2019初步使用
Perinatal Software Industry Research Report - market status analysis and development prospect forecast
Accounting regulations and professional ethics [5]
差分(一维,二维,三维) 蓝桥杯三体攻击
动态规划前路径问题
Opencv learning log 15 count the number of solder joints and output
ucore lab 2
Research Report on market supply and demand and strategy of China's Medical Automation Industry
Learning record: how to perform PWM output
Cost accounting [22]
【练习4-1】Cake Distribution(分配蛋糕)
对iptables进行常规操作
Cost accounting [16]