X-Forwarded-For explained: how to obtain the client IP
2022-07-06 09:26:00 【一一空】
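Let's first look at the official definition.
X-Forwarded-For
X-Forwarded-For (XFF) can be used to obtain the IP address of the client that originally made the request when the client reaches the server through an HTTP proxy or load balancer; this header has become a de facto standard. When the message flow from client to server is intercepted, the server's access log can only record the IP address of the proxy or load balancer. If you want the IP address of the client that originally made the request, X-Forwarded-For comes in handy.
This header is used for debugging, statistics, and generating location-based customized content. By design it exposes some private and sensitive information, such as the client's IP address, so user privacy must be taken into account when using it.
The Forwarded header in the HTTP protocol is the standardized version of this header.
X-Forwarded-For is also a header used in email-related protocols, where it indicates that an email was forwarded from another account.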
| Header type | Request header |
|---|---|
| Forbidden header name | no |
Syntax
X-Forwarded-For: <client>, <proxy1>, <proxy2>
Link: X-Forwarded-For - HTTP | MDN https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/X-Forwarded-For
Below I use a diagram to describe how the X-Forwarded-For value is collected.

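The diagram has 6 steps in total; it describes the 5 nodes that matter for X-Forwarded-For when a user visits a website.
The example is a user visiting www.baidu.com.
① The home LAN address is translated to the residential-community LAN address; this is still a LAN, just a larger one;
② The community LAN address is translated by SNAT to a public address: 36.110.25.116;
2-3 The DNS service resolves the destination address being visited to a concrete IP;
③ IP of the ingress network device in the data center hosting the visited service: 220.181.38.148;
④ The request passes through the WAF server: 105.16.35.100;
⑤ The request reaches the company LAN proxy server: 101.25.48.201;
Finally it reaches the real business server, Server. At this point the X-Forwarded-For value collected on Server is as follows:
X-Forwarded-For: 36.110.25.116,220.181.38.148,105.16.35.100,101.25.48.201
client IP proxy-ip proxy-ip proxy-ip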
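As an added example (not code from the original post), here is one way Server could pick the client IP out of the header above: walk the list from right to left and stop at the first address that is not one of the site's own proxies, so any entry the request already carried on arrival is ignored. The names `TRUSTED_PROXIES`, `is_trusted` and `client_ip`, the `remote_addr` parameter, and the 203.0.113.7 entry are assumptions made for this illustration.

```python
import ipaddress

# Assumption: the proxies this site operates itself, taken from the walkthrough
# above (ingress device, WAF, internal proxy). Adjust to the real deployment.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in (
    "220.181.38.148/32", "105.16.35.100/32", "101.25.48.201/32")]

# Header value as shown on the page, and a constructed variant in which the
# request already carried an X-Forwarded-For entry when it reached proxy ③.
PAGE_XFF = "36.110.25.116,220.181.38.148,105.16.35.100,101.25.48.201"
PRESET_XFF = "203.0.113.7, " + PAGE_XFF  # 203.0.113.7 is a documentation address


def is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(xff_values, remote_addr):
    """Pick the client IP from X-Forwarded-For, falling back to remote_addr.

    xff_values: raw header values in order (the header may appear repeatedly).
    remote_addr: peer address of the connection that reached this server.
    """
    last = ipaddress.ip_address(remote_addr)
    # The header only means something if the direct peer is one of our proxies.
    if not is_trusted(last):
        return str(last)
    hops = [h.strip() for v in xff_values for h in v.split(",") if h.strip()]
    # Walk right to left: the right-hand entries were appended by our proxies;
    # everything left of the first non-proxy address arrived with the request.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: accept nothing at or left of it
        if not is_trusted(addr):
            return str(addr)
        last = addr
    return str(last)


if __name__ == "__main__":
    print(client_ip([PAGE_XFF], "101.25.48.201"))
    print(client_ip([PRESET_XFF], "101.25.48.201"))
```

Both calls resolve to the SNAT public address from step ②, because the extra leftmost entry in the constructed variant was not appended by any of the site's own proxies.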