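1. IP passthrough
The web server needs to record the client's real IP address, for use in scenarios such as access statistics, security protection, behaviour analysis and regional ranking.
1.1 Layer 4 IP passthrough
1.1.1 HAProxy configuration
## server line: add the send-proxy parameter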
listen web_80
    bind 10.10.100.101:80
    mode tcp
    balance roundrobin
    server web01 10.10.100.102:80 send-proxy weight 1 check inter 3000 fall 3 rise 5
1.1.2 Nginx configuration
# Add "$proxy_protocol_addr" to the log format
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" "$proxy_protocol_addr"';
server {
    ## Add the proxy_protocol parameter
    listen 80 proxy_protocol;
    server_name 10.10.100.102;
    location / {
        root /apps/nginx/html;
        index index.html index.htm;
    }
}
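1.1.3 Access log
1.2 Layer 7 IP passthrough
1.2.1 HAProxy configuration:
haproxy configuration:
defaults
    option forwardfor
or: option forwardfor header X-Forwarded-xxx
# Custom header name for passing the IP: the backend web server then reads X-Forwarded-xxx. With plain option forwardfor, the header the backend web server sees is X-Forwarded-For.
Example: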
listen web_80
    bind 10.10.100.101:80
    mode http
    option forwardfor
    balance roundrobin
    server web01 10.10.100.102:80 weight 1 check inter 3000 fall 3 rise 5
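1.2.2 Web server log format configuration
Configure the web server to record the client IP address passed through by the load balancer.
# apache configuration
LogFormat "%{X-Forwarded-For}i %a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
# tomcat configuration (the pattern attribute of the access log Valve)
pattern='%{X-Forwarded-For}i %l %T %t "%r" %s %b "%{User-Agent}i"'/>
# nginx log format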
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" ';
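An added example, not part of the original page: it parses the nginx main log format from section 1.2.2 and decides which address to treat as the client. It assumes HAProxy reaches the web server from 10.10.100.101 and is the only proxy in front of it, and that option forwardfor appends its entry after any X-Forwarded-For value the client sent, so only the last entry is used; the function name, note labels and sample lines are constructed for illustration.

```python
import ipaddress
import re

# Assumption: the HAProxy address from the page is the only trusted proxy.
TRUSTED_PROXIES = {"10.10.100.101"}

# Matches the nginx "main" log_format shown in section 1.2.2.
LINE_RE = re.compile(
    r'^(?P<remote>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "(?P<referer>[^"]*)" '
    r'"(?P<agent>[^"]*)" "(?P<xff>[^"]*)"\s*$'
)


def client_ip(line, trusted=TRUSTED_PROXIES):
    """Return (ip, note) for one access-log line; ip is None if unusable."""
    m = LINE_RE.match(line)
    if m is None:
        return None, "unparsed"
    remote, xff = m["remote"], m["xff"]
    if remote not in trusted:
        # Not from HAProxy: any X-Forwarded-For value was written by the peer
        # itself, so only the socket address is used.
        return remote, ("direct" if xff == "-" else "direct-with-xff")
    entries = [e.strip() for e in xff.split(",") if e.strip()]
    if not entries or entries == ["-"]:
        return None, "missing-xff"
    try:
        # HAProxy appends its entry last; earlier entries came from the client.
        ip = str(ipaddress.ip_address(entries[-1]))
    except ValueError:
        return None, "invalid-xff"
    return ip, ("ok" if len(entries) == 1 else "client-supplied-prefix")


# Constructed sample lines (not taken from the page).
PREFIX = '[01/Jan/2024:10:00:00 +0800] "GET / HTTP/1.1" 200 612 "-" "curl/8.0"'
SAMPLES = [
    f'10.10.100.101 - - {PREFIX} "192.0.2.10" ',
    f'10.10.100.101 - - {PREFIX} "127.0.0.1, 198.51.100.7" ',
    f'203.0.113.5 - - {PREFIX} "10.0.0.1" ',
    f'10.10.100.101 - - {PREFIX} "-" ',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(client_ip(sample))
```

Lines noted client-supplied-prefix or direct-with-xff are the ones to review when the logged address feeds statistics or access decisions.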