Haproxy反向代理的Apache服务器，获取客户端真实IP地

作者: Hi_One | 来源:发表于2017-11-15 17:06 被阅读64次

反向代理，后端Apache获取真实IP地址
NGINX反向代理负载均衡
Haproxy反向代理的Apache服务器，获取客户端真实IP地
nginx获取请求真实IP
Java中的代理
服务器如何获取请求IP
Nginx反向代理找不到服务器问题
nginx 反向代理情况下开启 GZIP 压缩
六、动静分离
nginx 学习

1.修改Haproxy配置文件

vim /etc/haproxy/haproxy.cfg
#在frontend段添加
option forwardfor
#使用forwardfor后，Haproxy会向每个发往后端真实服务器的请求添加X-Forwarded-For记录，这样后端真实服务器日志可以通过X-Forwarded-For信息来记录客户端来源IP

#重启haproxy服务。
systemctl restart haproxy

2.在服务端添加第三方模块mod_rpaf
apache2.4版本

wget http://mirror.trouble-free.net/sources/mod_rpaf-0.6.tar.gz 
tar xzvf mod_rpaf-0.6.tar.gz
cd mod_rpaf-0.6
vim mod_rpaf-2.0.c.patch
--- mod_rpaf-2.0.c.org 

  2012-05-17 12:05:34.082130109 +0900
+++ mod_rpaf-2.0.c      2012-05-17 12:16:41.648138252 +0900
@@ -147,8 +147,8 @@
 
 static apr_status_t rpaf_cleanup(void *data) {
     rpaf_cleanup_rec *rcr = (rpaf_cleanup_rec *)data;
-    rcr->r->connection->remote_ip   = apr_pstrdup(rcr->r->connection->pool, rcr->old_ip);
-    rcr->r->connection->remote_addr->sa.sin.sin_addr.s_addr = apr_inet_addr(rcr->r->connection->remote_ip);
+    rcr->r->connection->client_ip   = apr_pstrdup(rcr->r->connection->pool, rcr->old_ip);
+    rcr->r->connection->client_addr->sa.sin.sin_addr.s_addr = apr_inet_addr(rcr->r->connection->client_ip);
     return APR_SUCCESS;
 }
 
@@ -161,7 +161,7 @@
     if (!cfg->enable)
         return DECLINED;
 
-    if (is_in_array(r->connection->remote_ip, cfg->proxy_ips) == 1) {
+    if (is_in_array(r->connection->client_ip, cfg->proxy_ips) == 1) {
         /* check if cfg->headername is set and if it is use
            that instead of X-Forwarded-For by default */
         if (cfg->headername && (fwdvalue = apr_table_get(r->headers_in, cfg->headername))) {
@@ -180,11 +180,11 @@
                 if (*fwdvalue != '\0')
                     ++fwdvalue;
             }
-            rcr->old_ip = apr_pstrdup(r->connection->pool, r->connection->remote_ip);
+            rcr->old_ip = apr_pstrdup(r->connection->pool, r->connection->client_ip);
             rcr->r = r;
             apr_pool_cleanup_register(r->pool, (void *)rcr, rpaf_cleanup, apr_pool_cleanup_null);
-            r->connection->remote_ip = apr_pstrdup(r->connection->pool, ((char **)arr->elts)[((arr->nelts)-1)]);
-            r->connection->remote_addr->sa.sin.sin_addr.s_addr = apr_inet_addr(r->connection->remote_ip);
+            r->connection->client_ip = apr_pstrdup(r->connection->pool, ((char **)arr->elts)[((arr->nelts)-1)]);
+            r->connection->client_addr->sa.sin.sin_addr.s_addr = apr_inet_addr(r->connection->client_ip);
             if (cfg->sethostname) {
                 const char *hostvalue;
                 if (hostvalue = apr_table_get(r->headers_in, "X-Forwarded-Host")) {
wq!

yum -y install httpd-devel patch
patch <mod_rpaf-2.0.c.patch
apxs -c -i -a mod_rpaf-2.0.c

#添加配置文件
vim /etc/httpd/conf.d/mod_rpaf.conf
RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1
RPAFheader X-Forwarded-For
wq!

#重启apache
systemctl restart httpd