blocks|key|834184|text|为此，您可以使用mod_rpaf。http://stderr.net/apache/rpaf/|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|834185|entityMap|0|LINK|mutability|MUTABLE|url|http://stderr.net/apache/rpaf/^0|H|U|0|0^^$0|@$1|2|3|4|5|6|7|L|8|@]|9|@$A|M|B|N|1|O]]|C|$]]|$1|D|3|-4|5|6|7|P|8|@]|9|@]|C|$]]]|E|$F|$5|G|H|I|C|$J|K]]]]

You can use mod_rpaf for that. <a href="http://stderr.net/apache/rpaf/" rel="noreferrer">http://stderr.net/apache/rpaf/</a>

blocks|key|2547520|text|注意，如果请求已经遍历了多个代理，则X-Forwarded-For报头可以包含IP地址的列表。在这种情况下，您通常需要最左边的IP。您可以使用SetEnvIf解压缩以下内容：|type|unstyled|depth|inlineStyleRanges|offset|length|style|BOLD|entityRanges|data|2547521|SetEnvIf+X-Forwarded-For+"%5E(\d{1,3}%2B\.\d{1,3}%2B\.\d{1,3}%2B\.\d{1,3}%2B).*"+XFFCLIENTIP=$1|code-block|syntax|javascript|2547522|注意，使用$1设置XFFCLIENTIP环境变量以保存正则表达式中第一个组的内容(在括号中)。|2547523|然后，您可以使用环境变量的值来设置标头(或者以Apache日志格式使用它，以便日志包含实际的客户端IP)。|2547524|entityMap^0|18|2|0|0|5|2|0|0^^$0|@$1|2|3|4|5|6|7|Q|8|@$9|R|A|S|B|C]]|D|@]|E|$]]|$1|F|3|G|5|H|7|T|8|@]|D|@]|E|$I|J]]|$1|K|3|L|5|6|7|U|8|@$9|V|A|W|B|C]]|D|@]|E|$]]|$1|M|3|N|5|6|7|X|8|@]|D|@]|E|$]]|$1|O|3|-4|5|6|7|Y|8|@]|D|@]|E|$]]]|P|$]]

Note that the X-Forwarded-For header may contain a list of IP addresses if the request has traversed more than one proxy. In this case, you usually want the leftmost IP. You can extract this with a SetEnvIf:

<pre><code>SetEnvIf X-Forwarded-For "^(\d{1,3}+\.\d{1,3}+\.\d{1,3}+\.\d{1,3}+).*" XFFCLIENTIP=$1
</code></pre>

Note the use of $1 to set the XFFCLIENTIP environment variable to hold the contents of the first group in the regex (in the parentheses).

Then you can use the value of the environment variable to set headers (or use it in Apache log formats so that the logs contain the actual client IP).

blocks|key|835659|text|目前，apache模块mod_remoteip是推荐的方法；rpaf还没有得到可靠的维护，可能会导致问题。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|835660|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

Currently apache module mod_remoteip is the recommended way to do this; rpaf hasn't been reliably maintained, and can cause problems.

blocks|key|1137610|text|除了前面提到的mod_rpaf之外，看起来mod_extract_forwarded也将执行此功能。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|1137611|mod_extract_forwarded的一个优点是，它可以从EPEL获得，而mod_rpaf不能。|style|CODE|1137612|这两个模块似乎都不允许您将代理服务器的整个子网列入白名单，这就是为什么CloudFlare人员创建了自己的插件：mod_cloudflare，它不是像其他两个那样的通用工具；它包含CloudFlare子网的硬编码列表。|1137613|entityMap|0|LINK|mutability|MUTABLE|url|http://stderr.net/apache/rpaf/|1|http://www.openinfo.co.uk/apache/|2|http://fedoraproject.org/wiki/EPEL|3|https://www.cloudflare.com/wiki/Log_Files^0|7|8|0|L|L|1|0|0|L|14|8|W|4|2|0|1K|E|3|0^^$0|@$1|2|3|4|5|6|7|X|8|@]|9|@$A|Y|B|Z|1|10]|$A|11|B|12|1|13]]|C|$]]|$1|D|3|E|5|6|7|14|8|@$A|15|B|16|F|G]|$A|17|B|18|F|G]]|9|@$A|19|B|1A|1|1B]]|C|$]]|$1|H|3|I|5|6|7|1C|8|@]|9|@$A|1D|B|1E|1|1F]]|C|$]]|$1|J|3|-4|5|6|7|1G|8|@]|9|@]|C|$]]]|K|$L|$5|M|N|O|C|$P|Q]]|R|$5|M|N|O|C|$P|S]]|T|$5|M|N|O|C|$P|U]]|V|$5|M|N|O|C|$P|W]]]]

In addition to <a href="http://stderr.net/apache/rpaf/" rel="nofollow">mod_rpaf</a> as mentioned before, it appears that <a href="http://www.openinfo.co.uk/apache/" rel="nofollow">mod_extract_forwarded</a> will perform this function as well.

One advantage to <code>mod_extract_forwarded</code> is that it is available from <a href="http://fedoraproject.org/wiki/EPEL" rel="nofollow">EPEL</a> for RHEL/CentOS servers whereas <code>mod_rpaf</code> is not.

It appears that neither of these two modules allow you to whitelist an entire subnet of proxy servers, which is why the CloudFlare folks created their own plugin: <a href="https://www.cloudflare.com/wiki/Log_Files" rel="nofollow">mod_cloudflare</a> which, it should be noted, is not a general-purpose tool like the other two; it contains a hardcoded list of CloudFlare subnets.

blocks|key|2547620|text|是的，我们可以做到。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|2547621|只需在您的PHP.ini中添加一个auto_prepend_file，如auto_prepend_file+=+"c:/prepend.php"，并在此文件中添加以下内容：|offset|length|style|CODE|2547622|if+(isset($_SERVER['HTTP_X_FORWARDED_FOR']))+{
++++$_SERVER['REMOTE_ADDR']+=+$_SERVER['HTTP_X_FORWARDED_FOR'];
}|code-block|syntax|javascript|2547623|你需要apache+width+RemoteIPHeader+X-Real-IP中的MOD_REMOTEIP。|2547624|干杯,|2547625|Guiremach|2547626|entityMap^0|0|10|10|0|0|G|O|0|0|0^^$0|@$1|2|3|4|5|6|7|U|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|V|8|@$D|W|E|X|F|G]]|9|@]|A|$]]|$1|H|3|I|5|J|7|Y|8|@]|9|@]|A|$K|L]]|$1|M|3|N|5|6|7|Z|8|@$D|10|E|11|F|G]]|9|@]|A|$]]|$1|O|3|P|5|6|7|12|8|@]|9|@]|A|$]]|$1|Q|3|R|5|6|7|13|8|@]|9|@]|A|$]]|$1|S|3|-4|5|6|7|14|8|@]|9|@]|A|$]]]|T|$]]

Yes, we can do this.

Just add a auto_prepend_file in your PHP.ini like <code>auto_prepend_file = "c:/prepend.php"</code>
and in this file add this:

<pre><code>if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
 $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
</code></pre>

You need the MOD_REMOTEIP in apache width <code>RemoteIPHeader X-Real-IP</code>.

Cheers,

Guiremach

blocks|key|1137699|text|不幸的是，|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1137700|在撰写本文时，freshports.org、people.apache.org或gist.github.com的后端口和分支都不起作用。它们都是基于apache+httpd2.3的早期alpha版本，该版本既不兼容当前的2.2版本，也不兼容2.4版本。|1137701|因此，在尝试调整后端端口来为httpd+2.2创建一个真正有效的后端端口时，我浪费了几个小时的时间，之后我决定转移到httpd+2.4。在httpd+2.4中，即使负载均衡器具有永久保持连接，mod_remoteip也可以顺利工作，该连接用于将来自不同实际客户端ip地址的请求代理到后端。我不确定其他模块是否可以处理这种情况(在同一连接中的每个请求上更改客户端ip地址)。|1137702|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|H|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|I|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|J|8|@]|9|@]|A|$]]|$1|F|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|G|$]]

Unfortunately,

at the time of this writing, none of the backports and forks at freshports.org, people.apache.org or gist.github.com worked. They were all based on an early alpha version of apache httpd 2.3 which was neither compatible with current versions of 2.2 nor 2.4.

So after hours of wasting time while trying to adjust the backports to create a real working one for httpd 2.2, I decided to move to httpd 2.4. Within httpd 2.4, mod_remoteip works smoothly, even if a load balancer has permanent keepalive connections which it uses to proxy requests from different actual client ip addresses to the backend. I'm not sure if the other modules can handle this situation (changing client ip addresses on each request within the same connection).

blocks|key|835489|text|请记住，此值可能会被欺骗。有关跨站点脚本后果的实际示例，请参阅http://blog.c22.cc/2011/04/22/surveymonkey-ip-spoofing/。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|835490|entityMap|0|LINK|mutability|MUTABLE|url|http://blog.c22.cc/2011/04/22/surveymonkey-ip-spoofing/^0|V|1J|0|0^^$0|@$1|2|3|4|5|6|7|L|8|@]|9|@$A|M|B|N|1|O]]|C|$]]|$1|D|3|-4|5|6|7|P|8|@]|9|@]|C|$]]]|E|$F|$5|G|H|I|C|$J|K]]]]

Remember that this value can be spoofed. See <a href="http://blog.c22.cc/2011/04/22/surveymonkey-ip-spoofing/" rel="nofollow">http://blog.c22.cc/2011/04/22/surveymonkey-ip-spoofing/</a> for a real-life example with Cross-site Scripting consequences.

blocks|key|87689|text|您可以安装模块mod_extract_forwarded并将MEFaccept参数设置为all。|type|unstyled|depth|inlineStyleRanges|offset|length|style|BOLD|entityRanges|data|87690|entityMap^0|7|L|U|9|0^^$0|@$1|2|3|4|5|6|7|H|8|@$9|I|A|J|B|C]|$9|K|A|L|B|C]]|D|@]|E|$]]|$1|F|3|-4|5|6|7|M|8|@]|D|@]|E|$]]]|G|$]]

You can install the module mod_extract_forwarded and set MEFaccept parameter to all.

blocks|key|1137842|text|从Apache2.4开始，就有内置的模块可以做到这一点。|type|unstyled|depth|inlineStyleRanges|offset|length|style|BOLD|entityRanges|data|1137843|1137844|启用mod_remoteip|ordered-list-item|CODE|1137845|1137846|(例如a2enmod+remoteip)|1137847|1137848|创建受信任的IP范围列表(接受远程IP报头的IP)。您可以将它们放在像conf/trusted-ranges.txt|1137849|这样的文件中|1137850|1137851|将以下行添加到Apache配置中：|1137852|1137853|RemoteIPTrustedProxyList+conf/trusted-ranges.txt|1137854|1137855|将日志文件格式更改为使用%25a而不是%25h来记录客户端IP。|1137856|1137857|1137858|对于Cloudflare，您需要信任其所有IP范围和，并使用自定义标头CF-Connecting-IP|1137859|RemoteIPHeader+CF-Connecting-IP|code-block|syntax|javascript|1137860|您可以像这样获取Cloudflare范围：|1137861|curl+https://www.cloudflare.com/ips-v4+>+trusted-ranges.txt
curl+https://www.cloudflare.com/ips-v6+>>+trusted-ranges.txt|1137862|entityMap^0|1|9|0|0|2|C|0|0|3|G|0|0|Z|N|0|0|0|0|0|0|0|C|2|H|2|0|0|0|2|A|P|1|Z|G|0|0|0|0^^$0|@$1|2|3|4|5|6|7|1G|8|@$9|1H|A|1I|B|C]]|D|@]|E|$]]|$1|F|3|-4|5|6|7|1J|8|@]|D|@]|E|$]]|$1|G|3|H|5|I|7|1K|8|@$9|1L|A|1M|B|J]]|D|@]|E|$]]|$1|K|3|-4|5|6|7|1N|8|@]|D|@]|E|$]]|$1|L|3|M|5|6|7|1O|8|@$9|1P|A|1Q|B|J]]|D|@]|E|$]]|$1|N|3|-4|5|6|7|1R|8|@]|D|@]|E|$]]|$1|O|3|P|5|I|7|1S|8|@$9|1T|A|1U|B|J]]|D|@]|E|$]]|$1|Q|3|R|5|6|7|1V|8|@]|D|@]|E|$]]|$1|S|3|-4|5|6|7|1W|8|@]|D|@]|E|$]]|$1|T|3|U|5|I|7|1X|8|@]|D|@]|E|$]]|$1|V|3|-4|5|6|7|1Y|8|@]|D|@]|E|$]]|$1|W|3|X|5|6|7|1Z|8|@]|D|@]|E|$]]|$1|Y|3|-4|5|6|7|20|8|@]|D|@]|E|$]]|$1|Z|3|10|5|I|7|21|8|@$9|22|A|23|B|J]|$9|24|A|25|B|J]]|D|@]|E|$]]|$1|11|3|-4|5|6|7|26|8|@]|D|@]|E|$]]|$1|12|3|-4|5|6|7|27|8|@]|D|@]|E|$]]|$1|13|3|14|5|6|7|28|8|@$9|29|A|2A|B|C]|$9|2B|A|2C|B|C]|$9|2D|A|2E|B|J]]|D|@]|E|$]]|$1|15|3|16|5|17|7|2F|8|@]|D|@]|E|$18|19]]|$1|1A|3|1B|5|6|7|2G|8|@]|D|@]|E|$]]|$1|1C|3|1D|5|17|7|2H|8|@]|D|@]|E|$18|19]]|$1|1E|3|-4|5|6|7|2I|8|@]|D|@]|E|$]]]|1F|$]]

Since Apache 2.4 there is <a href="http://httpd.apache.org/docs/current/mod/mod_remoteip.html" rel="nofollow noreferrer">mod_remoteip</a> built-in module that does this.
<ol>
<li>Enable <code>mod_remoteip</code> 
(e.g. <code>a2enmod remoteip</code>)
</li>
<li>Create a list of trusted IP ranges (the IPs from which you accept the remote IP header). You can put them in a file like <code>conf/trusted-ranges.txt</code>
</li>
<li>Add this line to the Apache config:
<pre><code>RemoteIPTrustedProxyList conf/trusted-ranges.txt
</code></pre>
</li>
<li>Change your log file formats to use <code>%a</code> instead of <code>%h</code> for logging the client IP.
</li>
</ol>
<hr />
For Cloudflare you need to trust all their IP ranges and use a custom header <code>CF-Connecting-IP</code>:
<pre><code>RemoteIPHeader CF-Connecting-IP
</code></pre>
You can get Cloudflare ranges like this:
<pre><code>curl https://www.cloudflare.com/ips-v4 &gt; trusted-ranges.txt
curl https://www.cloudflare.com/ips-v6 &gt;&gt; trusted-ranges.txt
</code></pre>

In a situation where Apache is sitting behind a reverse proxy (such as Squid), the cgi environment variable <code>REMOTE_ADDR</code> gets the address of the proxy rather than the client.

However, the proxy will set a header called <code>X-Forwarded-For</code> to contain the original IP address of the client so that Apache can see it.

The question is, how do we get Apache to replace <code>REMOTE_ADDR</code> with the value in the <code>X-Forwarded-For</code> header so that all of the web applications will transparently see the correct address?

Set REMOTE_ADDR to X-Forwarded-For in apache

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

教程

学习中心

腾讯云实验室

直播

竞赛

腾讯云代码分析专区

腾讯iOA零信任安全管理系统专区

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云智能顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋

腾讯云AI代码助手

云原生构建

TAPD 敏捷项目管理

Cloud Studio

SDK中心

API中心

命令行工具

功能1上新10个字符

功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符。

功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符。

功能5描述100个字符功能5描述100个字符功能5描述100个字符功能5描述100个字符功能5描述100个字符功能5描述100个字符

功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符

功能4上新

文章&问答评论现已支持表情

全新交互，全新视觉，新增快捷键、悬浮工具栏、高亮块等功能并同时优化现有功能，全面提升创作效率和体验

社区富文本编辑器全新改版！诚邀体验～ 

精选全网热门MCP server，让你的AI更好用 🚀

💥开发者 MCP广场重磅上线！

涵盖代码开发、场景应用、自动测试全流程，助你从零构建专属AI助手

一站式MCP教程库，解锁AI应用新玩法

聚焦“写作效率、视觉美观与运行性能”三方面进行全面升级，为您提供更高效、稳定的创作环境

社区富文本&Markdown编辑器全新改版上线，欢迎大家体验!

诚挚邀请您参与本次调研，分享您的真实使用感受与建议。您的反馈至关重要，感谢您的支持与参与！

社区新版编辑器体验调研

在Apache位于反向代理(例如Squid)之后的情况下，cgi环境变量REMOTE_ADDR将获取代理的地址，而不是客户端的地址。但是，代理将设置一个名为X-Forwarded-For的头来包含客户端的原始IP地址，以便Apache可以看到它。问题是，我们如何让Apache将REMOTE_ADDR替换为X-Forwarded-For头中的值，以便所有web应用程序都能透明地看到正确的地址？

问在apache中将REMOTE_ADDR设置为X-Forwarded-For
EN

回答 9

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问在apache中将REMOTE_ADDR设置为X-Forwarded-ForEN

回答 9

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问在apache中将REMOTE_ADDR设置为X-Forwarded-For
EN