後端Apache日誌獲取前端Nginx反向代理的真實IP地址

php查看客戶訪問真實地址代碼

<?php
function real_ip()
{
    static $realip = NULL;
    if ($realip !== NULL)
    {
        return $realip;
    }
 
    if (isset($_SERVER))
    {
        if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
        {
            $arr = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
 
            /* 取X-Forwarded-For中第一個非unknown的有效IP字符串 */
            foreach ($arr AS $ip)
            {
                $ip = trim($ip);
 
                if ($ip != 'unknown')
                {
                    $realip = $ip;
 
                    break;
                }
            }
        }
        elseif (isset($_SERVER['HTTP_CLIENT_IP']))
        {
            $realip = $_SERVER['HTTP_CLIENT_IP'];
        }
        else
        {
            if (isset($_SERVER['REMOTE_ADDR']))
            {
                $realip = $_SERVER['REMOTE_ADDR'];
            }
            else
            {
                $realip = '0.0.0.0';
            }
        }
    }
    else
    {
        if (getenv('HTTP_X_FORWARDED_FOR'))
        {
            $realip = getenv('HTTP_X_FORWARDED_FOR');
        }
        elseif (getenv('HTTP_CLIENT_IP'))
        {
            $realip = getenv('HTTP_CLIENT_IP');
        }
        else
        {
            $realip = getenv('REMOTE_ADDR');
        }
    }
    preg_match("/[\d\.]{7,15}/", $realip, $onlineip);
    $realip = !empty($onlineip[0]) ? $onlineip[0] : '0.0.0.0';
    return $realip;
}
echo real_ip();
?>

nginx配置文件cat test.test.net.conf

log_format  test.test.net  '$remote_addr - $remote_user [$time_local] $request' '$status $body_bytes_sent $http_referer' '$http_user_agent $http_x_forwarded_for $upstream_cache_status';
server
    {
        listen       5555;
        server_name test.test.net;

        location / {

            proxy_connect_timeout 600s;
            proxy_read_timeout  600s;
            proxy_send_timeout  600s;

            proxy_buffer_size   32000k;
            proxy_buffers       1000 64000k;
            proxy_busy_buffers_size 128000k;
            proxy_temp_file_write_size 512000k;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_pass http://test.test.net:60081;

        }

        access_log  /usr/local/nginx/logs/test.test.net-access.log  test.test.net;

}

apache配置httpd.conf

添加%{X-FORWARDED-FOR}i

Apache日誌配置文件中定義了兩種打印格式，分別爲combined格式和common格式。

本人使用combined格式

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h ClinetIp:%{X-FORWARDED-FOR}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b %{X-FORWARDED-FOR}i" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    CustomLog "logs/access_log" common

    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    #CustomLog "logs/access_log" combined
</IfModule>

虛擬機配置

<VirtualHost *:60081>
    ServerAdmin systemadmin@test.net
    ServerName test.test.net
    DocumentRoot /home/w/html/test
    ErrorLog "/home/w/html/test/test.test.net-error_log"
    CustomLog "/home/w/html/test/test.test.net-access_log" combined
</VirtualHost>

訪問頁面返回日誌

網關IP:192.168.15.100

客戶訪問IP:192.168.15.101

192.168.15.100 ClinetIp:192.168.15.101 - - [12/Feb/2018:21:39:05 -0500] "GET / HTTP/1.0" 200 17 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/604.5.6 (KHTML, like Gecko) Version/11.0.3 Safari/604.5.6"

 

---

 

Apache日誌格式

日誌格式

Apache日誌配置文件中定義了兩種打印格式，分別爲combined格式和common格式。

combined格式：

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

common格式：

LogFormat "%h %l %u %t \"%r\" %>s %b" common

聲明使用了combined日誌格式和寫入的文件名。

CustomLog "/var/log/apache2/access_log" combined

字段說明

字段格式	含義
%a	remote_ip
%A	local_ip
%B	size
%b	size
%D	time_taken_ms
%h	remote_host
%H	protocol
%l	ident
%m	method
%p	port
%P	pid
“%q”	url_query
“%r”	request
%s	status
%>s	status
%t	time
%T	time_taken
%u	remote_user
%U	url_stem
%v	server_name
%V	canonical_name
%I	bytes_received
%O	bytes_sent
“%{User-Agent}i”	user_agent
“%{Referer}i”	referer

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

日誌樣例

192.168.1.2 - - [02/Feb/2016:17:44:13 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "http://localhost/x1.html" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36"