Help & DocumentationCloud Load BalancerBest PractiseObtain Acutual IP for Layer 7 Load Balancing

Obtain Acutual IP for Layer 7 Load Balancing

Last updated: 2018-06-12 17:29:58

PDF
  • As Layer-4 cloud load balance (TCP protocol) can directly access the real IP address of the visitor on the backend CVM, and no additional configuration is required. The following description is only for Layer-7 (HTTP protocol) cloud load balance.
  • Layer-7 cloud load balance system provides X-Forwarded-For method to obtain the visitor's real IP, which is enabled by default.

The common options for application server configuration are described below.

1. IIS 6 Configuration Option

1) Install the plugin F5XForwardedFor.dll. Copy F5XForwardedFor.dll under the x86\Release or x64\Release directory to a specific directory according to your own server operating system version, which is assumed to be C:\ISAPIFilters here. In addition, you should ensure that the IIS process has read access to the directory.

2) Open the IIS manager, find the currently opened site, right-click on the site to select "Properties" and open the property page.

3) In the property page, go to "ISAPI Filter" and click "Add" button. The "Add" window will appear.

4) In the "Add" window, fill in "F5XForwardedFor" for "Filter Name", and the full path of F5XForwardedFor.dll for "Executable File" and then click OK.

5) Restart IIS server, waiting for the configuration to take effect.

2. IIS 7 Configuration Option

1) Download and install the plugin F5XForwardedFor module. Copy F5XFFHttpModule.dll and F5XFFHttpModule.ini under x86\Release or x64\Release directory to a specific directory according to your own server operating system version, which is assumed to be C: \F5XForwardedFor here. Make sure that the IIS process has read access to the directory.

2) Select "IIS Server" option, and select the "Module" function.

3) Double-click the "Module" function, and click "Configure Local Module".

4) Click the "Register" button in the pop-up box.

5) Add the downloaded DLL file.

6) After the file is added, check it and click "OK".

7) Add these two DLLs to "API and CGI Restrictions" and change their setting to "allow".

8) Restart the IIS server, waiting for the configuration to take effect.

3. Apache Configuration Option

1) Install apache third party module "mod_rpaf"

wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz
tar zxvf mod_rpaf-0.6.tar.gz
cd mod_rpaf-0.6
/usr/bin/apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c

2) Modify the apache configuration/etc/httpd/conf/httpd.conf, and add at the end:

LoadModule rpaf_module modules/mod_rpaf-2.0.so
RPAFenable On
RPAFsethostname On
RPAFproxy_ips ip address (this ip address is not the public network ip provided by the cloud load balancer, and the specific ip addresses can be viewed in the apache log. Usually, there are two, both of which should be added)
RPAFheader X-Forwarded-For

3) Restart apache after completing the adding

/usr/sbin/apachectl restart

4. Nginx Configuration Option

1) As cloud load balancer, Nginx uses http_realip_module to get real ip; since the default installation for Nginx does not include this module, you need to recompile Nginx to add --with-http_realip_module:

wget http://soft.phpwind.me/top/nginx-1.0.12.tar.gz
tar zxvf nginx-1.0.12.tar.gz
cd nginx-1.0.12
./configure --user=www --group=www --with-http_stub_status_module --without-http-cache --with-http_ssl_module --with-http_realip_module
make
make install

2) Modify nginx.conf

vi /etc/nginx/nginx.conf

Modify the following red parts:

  
fastcgi connect_timeout 300;
fastcgi send_timeout 300;
fastcgi read_timeout 300;
fastcgi buffer_size 64k;
fastcgi buffers 4 64k;
fastcgi busy_buffers_size 128k;
fastcgi temp_file_write_size 128k;

set_real_ip_from ip address; (this ip address is not the public network ip provided by the cloud load balancer, and the specific ip address can be viewed in previous nginx log. If there are more than one, all of them should be added.)
Real_ip_header X-Forwarded-For;
 


3) Restart nginx

service nginx restart