通过配置nginx的proxy_set_header解决无法正确获取客户端访问ip地址总显示127.0.0.1

有运维或运维开发方面的需求,可以联系博主QQ 452336092或Email:admin#centos.bz(收费)

文章目录
[隐藏]

一、前言

为了防止本站资源(小木人印象www.xwood.net)被恶意下载,最近实现安全控制模块-通过分析用户访问IP地址在有效时间内的对本站资源合理下载量,作为黑名单规则,但是发现获取通过之前HttpClientIpUtils工具类获取的ip地址都是127.0.0.1,无法获取终端访问用户有效的ip地址,导致黑名单库无法创建。

二、解决方法

由于nginx配置服务端的反向代理导致,之前反向配置如下

location ^~/open-api/{
    proxy_pass   http://127.0.0.1:8080/openapi/;  
}

应该调整配置为如下(增加配置项proxy_set_header x-forwarded-for $remote_addr;)

location ^~/open-api/{
    proxy_pass   http://127.0.0.1:8080/openapi/;
    proxy_set_header x-forwarded-for  $remote_addr;
}

三、黑名单代码分享

1、访问客户端安全控制类ClientUserController,代码如下

public class ClientUserController {

    private static final Logger logger = Logger.getLogger(ClientUserController.class);
    private  static  ConcurrentMap<String,ClientUser>  downloadUsers=new ConcurrentHashMap<String,ClientUser>();
    private  static  List<String>  blackIplist=new CopyOnWriteArrayList<String>();

    //12小时最大下载量
    private  static   int   maxDayDownloadTimes=1000;

    //验证期限
    private  static   long  validTimeSec=12*60*60;

    public  static  void  register(String ip){

        if(StringUtils.isEmpty(ip)||"127.0.0.1".equalsIgnoreCase(ip))
            return ;

        if(!isPermission(ip))
            return ;

        if(downloadUsers.containsKey(ip)){
            downloadUsers.get(ip).setDownloadTimes(downloadUsers.get(ip).getDownloadTimes()+1);
            logger.info(" downloadUser login --------------:"+ip+" times----------------:"+downloadUsers.get(ip).toString());
        }else{
            downloadUsers.put(ip,new ClientUser(ip));
            logger.info(" New downloadUser  register --------------:"+ip+" times----------------:1");
        }

    }


    public  static  boolean  isPermission(String ip){

        if(StringUtils.isEmpty(ip)){
            logger.info(" downloadUser  isPermission  false,becase you  have't  clientIp <<<<<<<<<<<<<<<<<<<<<<<< ");
            return  false;
        }

        if("127.0.0.1".equalsIgnoreCase(ip)){
            logger.info(" downloadUser can't  get ip ; ======================================== 127.0.0.1 ");
            return true;
        }


        if(blackIplist.contains(ip)){
            logger.info(" downloadUser@"+ip+"@  is danger downloadUser  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!  ");
            logger.info(" downloadUser@"+ip+"@  is danger downloadUser  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!  ");
            logger.info(" downloadUser@"+ip+"@  is danger downloadUser  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!  ");
            return false;
        }

        if(downloadUsers.containsKey(ip)){

            ClientUser  checkClientUser=downloadUsers.get(ip);

            if(System.currentTimeMillis()-checkClientUser.getLastTime()>=validTimeSec){

                if(checkClientUser.getDownloadTimes()>=maxDayDownloadTimes){
                    blackIplist.add(ip);
                    logger.info(" downloadUser@"+ip+"@  add  to  blacklist !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!  ");
                    logger.info(" downloadUser@"+ip+"@  add  to  blacklist !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!  ");
                    logger.info(" downloadUser@"+ip+"@  add  to  blacklist !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!  ");
                    return false;
                }else{
                    downloadUsers.remove(ip);
                }

            }else{

                if(checkClientUser.getDownloadTimes()>=maxDayDownloadTimes){
                    blackIplist.add(ip);
                    logger.info(" downloadUser@"+ip+"@  add  to  blacklist !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!  ");
                    logger.info(" downloadUser@"+ip+"@  add  to  blacklist !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!  ");
                    logger.info(" downloadUser@"+ip+"@  add  to  blacklist !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!  ");
                    logger.info(" downloadUser@"+ip+"@  add  to  blacklist !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!  ");
                    logger.info(" downloadUser@"+ip+"@  add  to  blacklist !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!  ");
                    logger.info(" downloadUser@"+ip+"@  add  to  blacklist !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!  ");
                    return false;
                }

            }


        }

        return true;
    }


}

2、客户端用户类ClientUser,代码如下

public class ClientUser {

    private  String ip;

    private  Integer downloadTimes=1;

    private  Long  lastTime;

    public ClientUser() {
        super();
        lastTime=System.currentTimeMillis();
    }

    public ClientUser(String ip) {
        super();
        this.ip = ip;
        lastTime=System.currentTimeMillis();
    }

    public String getIp() {
        return ip;
    }

    public void setIp(String ip) {
        this.ip = ip;
    }

    public Integer getDownloadTimes() {
        return downloadTimes;
    }

    public void setDownloadTimes(Integer downloadTimes) {
        this.downloadTimes = downloadTimes;
    }

    public Long getLastTime() {
        return lastTime;
    }

    public void setLastTime(Long lastTime) {
        this.lastTime = lastTime;
    }


    public static  void  main(String[] args) throws Exception{
        ClientUser  u=new ClientUser();
        u.lastTime=System.currentTimeMillis();
        Thread.sleep(2000);
        System.out.println((System.currentTimeMillis()-u.lastTime)/1000);
    }

    @Override
    public String toString() {
        return "ClientUser [ip=" + ip + "]";
    }

    @Override
    public boolean equals(Object obj) {

        ClientUser _this=(ClientUser)obj;
        if(_this==null)
            return false;

        if(this.getIp().equalsIgnoreCase(_this.getIp()))
            return true;

        return false;
    }

}

原文出处:xwood -> http://www.xwood.net/_site_domain_/_root/5870/5874/t_c268346.html

打赏

如果此文对你有所帮助,请随意打赏鼓励作者^_^