1、IP透传
web服务器中需要记录客户端的真实IP地址,用于做访问统计、安全防护、行为分析、区域排行等场景
1.1 四层IP透传
1.1.1 HAProxy配置
##server配置 send-proxy参数
listen web_80
bind 10.10.100.101:80
mode tcp
balance roundrobin
server web01 10.10.100.102:80 send-proxy weight 1 check inter 3000 fall 3 rise 5
1.1.2 Nginx配置
#日志添加"$proxy_protocol_addr"配置
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" "$proxy_protocol_addr"';
server {
## 添加proxy_protocol参数
listen 80 proxy_protocol;
server_name 10.10.100.102;
location / {
root /apps/nginx/html;
index index.html index.htm;
}
}
1.1.3 访问日志
1.2 七层IP透传
1.2.1 HAProxy 配置:
haproxy 配置:
defaults
option forwardfor
或者: option forwardfor header X-Forwarded-xxx
#自定义传递IP参数,后端web服务器写X-Forwarded-xxx,如果写option forwardfor则后端服务器web格式为X-Forwarded-For
示例:
listen web_80
bind 10.10.100.101:80
mode http
option forwardfor
balance roundrobin
server web01 10.10.100.102:80 weight 1 check inter 3000 fall 3 rise 5
1.2.2 web服务器日志格式配置
配置web服务器,记录负载均衡透传的客户端IP地址
#apache 配置
LogFormat "%{X-Forwarded-For}i %a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{UserAgent}i\"" combined
#tomcat 配置
pattern='%{X-Forwarded-For}i %l %T %t "%r" %s %b "%{User-Agent}i"'/>
#nginx 日志格式
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" ';