Haproxy反向代理的Apache服务器,获取客户端真实IP地址

1.修改Haproxy配置文件

vim /etc/haproxy/haproxy.cfg
#在frontend段添加
option forwardfor
#使用forwardfor后,Haproxy会向每个发往后端真实服务器的请求添加X-Forwarded-For记录,这样后端真实服务器日志可以通过X-Forwarded-For信息来记录客户端来源IP

#重启haproxy服务。
systemctl restart haproxy

2.在服务端添加第三方模块mod_rpaf
apache2.4版本

wget http://mirror.trouble-free.net/sources/mod_rpaf-0.6.tar.gz 
tar xzvf mod_rpaf-0.6.tar.gz
cd mod_rpaf-0.6
vim mod_rpaf-2.0.c.patch
--- mod_rpaf-2.0.c.org 

  2012-05-17 12:05:34.082130109 +0900
+++ mod_rpaf-2.0.c      2012-05-17 12:16:41.648138252 +0900
@@ -147,8 +147,8 @@
 
 static apr_status_t rpaf_cleanup(void *data) {
     rpaf_cleanup_rec *rcr = (rpaf_cleanup_rec *)data;
-    rcr->r->connection->remote_ip   = apr_pstrdup(rcr->r->connection->pool, rcr->old_ip);
-    rcr->r->connection->remote_addr->sa.sin.sin_addr.s_addr = apr_inet_addr(rcr->r->connection->remote_ip);
+    rcr->r->connection->client_ip   = apr_pstrdup(rcr->r->connection->pool, rcr->old_ip);
+    rcr->r->connection->client_addr->sa.sin.sin_addr.s_addr = apr_inet_addr(rcr->r->connection->client_ip);
     return APR_SUCCESS;
 }
 
@@ -161,7 +161,7 @@
     if (!cfg->enable)
         return DECLINED;
 
-    if (is_in_array(r->connection->remote_ip, cfg->proxy_ips) == 1) {
+    if (is_in_array(r->connection->client_ip, cfg->proxy_ips) == 1) {
         /* check if cfg->headername is set and if it is use
            that instead of X-Forwarded-For by default */
         if (cfg->headername && (fwdvalue = apr_table_get(r->headers_in, cfg->headername))) {
@@ -180,11 +180,11 @@
                 if (*fwdvalue != '\0')
                     ++fwdvalue;
             }
-            rcr->old_ip = apr_pstrdup(r->connection->pool, r->connection->remote_ip);
+            rcr->old_ip = apr_pstrdup(r->connection->pool, r->connection->client_ip);
             rcr->r = r;
             apr_pool_cleanup_register(r->pool, (void *)rcr, rpaf_cleanup, apr_pool_cleanup_null);
-            r->connection->remote_ip = apr_pstrdup(r->connection->pool, ((char **)arr->elts)[((arr->nelts)-1)]);
-            r->connection->remote_addr->sa.sin.sin_addr.s_addr = apr_inet_addr(r->connection->remote_ip);
+            r->connection->client_ip = apr_pstrdup(r->connection->pool, ((char **)arr->elts)[((arr->nelts)-1)]);
+            r->connection->client_addr->sa.sin.sin_addr.s_addr = apr_inet_addr(r->connection->client_ip);
             if (cfg->sethostname) {
                 const char *hostvalue;
                 if (hostvalue = apr_table_get(r->headers_in, "X-Forwarded-Host")) {
wq!

yum -y install httpd-devel patch
patch <mod_rpaf-2.0.c.patch
apxs -c -i -a mod_rpaf-2.0.c

#添加配置文件
vim /etc/httpd/conf.d/mod_rpaf.conf
RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1
RPAFheader X-Forwarded-For
wq!

#重启apache
systemctl restart httpd

推荐阅读更多精彩内容

  • Spring Cloud为开发人员提供了快速构建分布式系统中一些常见模式的工具(例如配置管理,服务发现,断路器,智...
    卡卡罗2017阅读 119,426评论 16 133
  • 各位小伙伴们,大家早上好。我是向往,感谢咕咕姐给提供的这个平台,让我们于人海茫茫中相聚一起。今天我领读的部分是《小...
    宁博Villa阅读 307评论 4 11
  • “我们相爱一生,还是太短。” 从秋天开始,在下一个冬天结束,当江的那一边只留下了一个土堆和熊熊燃烧的思念,江的这一...
    自言自语ing阅读 351评论 0 0
  • 春的气息 唤醒了你沉睡的眼 攀着太阳的手臂向上爬去 憧憬着璀璨的梦 夏的炙烤 锻炼了你的筋骨 你容光焕发 自信满满...
    PinkDream_fe40阅读 123评论 0 12