
Obtain Actual IP for Layer 7 Load Balancing

Last updated: 2020-02-27 15:06:37


Instructions for obtaining the real IP of the client with Cloud Load Balancer

Both Layer-4 (TCP/UDP/TCP SSL) and Layer-7 (HTTP/HTTPS) services of CLB support obtaining the real IP of the client directly on the backend CVM without additional configuration.

  • For Layer-4 Cloud Load Balancer, the source IP obtained on the backend CVM is the client IP.

  • For Layer-7 Cloud Load Balancer, you can use the X-Forwarded-For or remote_addr field to get the client IP directly. For the access log of Layer-7 Cloud Load Balancer, please see Store Access log to COS.

  • For CLB, no additional configuration is required on the backend CVM to obtain the client IP.

  • For other Layer-7 load balancing services that perform SNAT, you need to configure the backend CVM and then use X-Forwarded-For to obtain the real IP of the client.

The common options for application server configuration are described below.

IIS 6 Configuration Option

  1. Download and install the F5XForwardedFor plugin. Copy F5XForwardedFor.dll from the x86\Release or x64\Release directory (according to your server's operating system version) to a specific directory, assumed here to be C:\ISAPIFilters. In addition, ensure that the IIS process has read access to the directory.
  2. Open the IIS manager, find the currently opened site, right-click the site, and select Properties to open the property page.
  3. In the property page, go to ISAPI Filter and click the Add button. The Add window will appear.
  4. In the Add window, fill in "F5XForwardedFor" for "Filter Name" and the full path of F5XForwardedFor.dll for "Executable File", and then click OK.
  5. Restart the IIS server and wait for the configuration to take effect.

IIS 7 Configuration Option

  1. Download and install the F5XForwardedFor module. Copy F5XFFHttpModule.dll and F5XFFHttpModule.ini from the x86\Release or x64\Release directory (according to your server's operating system version) to a specific directory, assumed here to be C:\F5XForwardedFor. Make sure that the IIS process has read access to the directory.
  2. Select the IIS Server option and double-click the Module feature.
  3. Click Configure Local Module.
  4. Click the Register button in the pop-up box.
  5. Add the downloaded DLL file.
  6. After the file is added, check it and click OK.
  7. Add these two DLLs to "ISAPI and CGI Restrictions" and change their setting to "allow".
  8. Restart the IIS server and wait for the configuration to take effect.

Apache Configuration Option

  1. Install the third-party Apache module "mod_rpaf":
wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz
tar zxvf mod_rpaf-0.6.tar.gz
cd mod_rpaf-0.6
/usr/bin/apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
  2. Modify the Apache configuration /etc/httpd/conf/httpd.conf and add the following at the end:
LoadModule rpaf_module modules/mod_rpaf-2.0.so
RPAFenable On
RPAFsethostname On
# Replace <IP address> below. This IP address is not the public network IP
# provided by the cloud load balancer; the specific IP addresses can be viewed
# in the Apache log. Usually there are two, and both should be added.
RPAFproxy_ips <IP address>
RPAFheader X-Forwarded-For
  3. Restart Apache after making the additions:
/usr/sbin/apachectl restart

Nginx Configuration Option

  1. As a server, Nginx uses http_realip_module to get the real IP. Since the default Nginx installation does not include this module, you need to recompile Nginx with --with-http_realip_module:
wget http://nginx.org/download/nginx-1.14.0.tar.gz
tar zxvf nginx-1.14.0.tar.gz
cd nginx-1.14.0
./configure --user=www --group=www --with-http_stub_status_module --without-http-cache --with-http_ssl_module --with-http_realip_module
make
make install
  2. Modify nginx.conf:
vim /etc/nginx/nginx.conf

Modify the following parts:

fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
# Replace <IP address> below. This IP address is not the public network IP
# provided by the cloud load balancer; the specific IP address can be viewed
# in the previous nginx log. If there is more than one, add all of them.
set_real_ip_from <IP address>;
real_ip_header X-Forwarded-For;
  3. Restart nginx:
service nginx restart
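
The RPAFproxy_ips and set_real_ip_from settings above tell the web server which peers may supply X-Forwarded-For; a header sent by any other peer is ignored. The same trust rule as an added Python example (not code from this page or from the modules it describes): the proxy and client addresses are constructed documentation-range values, the function names are hypothetical, and it goes beyond the single-proxy case on the page by also handling a chain of trusted proxies.

```python
import ipaddress

# Constructed sample values standing in for the load balancer addresses that
# would be listed in RPAFproxy_ips / set_real_ip_from (not taken from the page).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "192.0.2.11/32")]


def is_trusted(addr):
    """True if addr parses as an IP address inside a trusted proxy network."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr, xff_header):
    """Return the address the backend should log or use for access decisions.

    remote_addr: source address of the TCP connection reaching the backend.
    xff_header:  raw X-Forwarded-For value, or None when the header is absent.
    """
    # A peer that is not a listed proxy gets no say: its header is ignored.
    if not is_trusted(remote_addr) or not xff_header:
        return remote_addr
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    # Walk from the rightmost hop (appended by the nearest proxy) leftwards and
    # stop at the first address that is not one of our own proxies.
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return remote_addr  # malformed entry: fall back to the peer address
        if not is_trusted(hop):
            return hop
    return remote_addr  # every hop was one of our own proxies


if __name__ == "__main__":
    # Constructed requests: (peer address, X-Forwarded-For header)
    for peer, xff in [("192.0.2.10", "203.0.113.7"),
                      ("198.51.100.9", "10.0.0.1"),
                      ("192.0.2.10", "10.0.0.1, 203.0.113.7")]:
        print(peer, repr(xff), "->", client_ip(peer, xff))
```

Entries to the left of the one appended by the trusted proxy arrive with the client's request and are never selected, which is why the proxy list must contain only the load balancer's own addresses.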