我如何在Node.js中获得这个人的IP地址？

Question

有人在我的服务器上运行漏洞扫描器。我收到了一些奇怪的请求，比如：

IP ADDRESS: ::ffff:127.0.0.1
www-0 (out): POST /cgi-bin/php5?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%22%79%65%73%22+%2D%64+%63%67%69%2E%66%69%78%5F%70%61%74%68%69%6E%66%6F%3D%31+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E 

IP使用来自another Stackoverflow answer的代码显示了127.0.0.1

app.use(function(req, res, next) {
    var ip = req.headers['x-forwarded-for'] || 
     req.connection.remoteAddress || 
     req.socket.remoteAddress ||
     req.connection.socket.remoteAddress;
    console.log('IP ADDRESS: ', ip);
    next();
});

想阻止这个人在Cloudflare上这样就不会弄乱我的日志了。

我是在Mini服务器上运行这个的，它是几周前刚安装的，所以我不认为我的服务器被破坏了(或者有吗？)并在本地运行漏洞扫描。

Answer 1

您可以调用req.connection.remoteAddress来获取个人的真实IP地址(或他们的代理，这就是他们提出请求所需要的)，然后您可以将不同的禁用IP存储在一个数组中。

app.use(function(req, res, next) {
    var ip = req.connection.remoteAddress;
    if (bannedips.indexof(ip) > -1) {
        req.abort();
    }
    console.log("IP ADDRESS: ", ip);
    next();
});

编辑

既然我知道您正在使用CloudFlare，那么CF-Connecting-IP头将更适用于您的情况。

app.use(function(req, res, next) {
    var ip = req.headers["CF-Connecting-IP"];
    if (bannedips.indexof(ip) > -1) {
        req.abort();
    }
    console.log("IP ADDRESS: ", ip);
    next();
});