All layer-4 (TCP/UDP/TCP SSL) and layer-7 (HTTP/HTTPS) CLB services support getting a real client IP directly on a backend CVM instance with no additional configuration required.
X-Forwarded-For
or remote_addr
field to directly get the client IP. For the access logs of layer-7 CLB, see Configuring Access Logs. Note:
- For layer-4 CLB, the client IP can be directly obtained with no additional configuration required on the backend CVM instance.
- For other layer-7 load balancing services with SNAT enabled, you need to configure the backend CVM instance and then use
X-Forwarded-For
to get the real client IP.
Below are commonly used application server configuration schemes.
F5XForwardedFor.dll
in the x86\Release
or x64\Release
directory based on your server operating system version to a certain directory (such as C:\ISAPIFilters
in this document), and make sure that the IIS process has read permission to this directory.F5XForwardedFor.dll
for "Executable" and then click OK.F5XFFHttpModule.dll
and F5XFFHttpModule.ini
in the x86\Release
or x64\Release
directory based on your server operating system version to a certain directory (such as C:\x_forwarded_for
in this document), and make sure that the IIS process has read permission to this directory.Install the third-party Apache module "mod_rpaf".
wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz
tar zxvf mod_rpaf-0.6.tar.gz
cd mod_rpaf-0.6
/usr/bin/apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
Modify the Apache configuration /etc/httpd/conf/httpd.conf
by adding the following to the end of the file:
LoadModule rpaf_module modules/mod_rpaf-2.0.so
RPAFenable On
RPAFsethostname On
RPAFproxy_ips IP address (this is not the public IP provided by CLB. For the specific IP, query the Apache logs. Generally, there are two IP addresses and you need to enter both of them)
RPAFheader X-Forwarded-For
After adding the above content, restart Apache.
/usr/sbin/apachectl restart
You can use http_realip_module
to get the real client IP when Nginx is used as the server. However, this module is not installed in Nginx by default, and you need to recompile Nginx to add --with-http_realip_module
.
yum -y install gcc pcre pcre-devel zlib zlib-devel openssl openssl-devel
wget http://nginx.org/download/nginx-1.17.0.tar.gz
tar zxvf nginx-1.17.0.tar.gz
cd nginx-1.17.0
./configure --prefix=/path/server/nginx --with-http_stub_status_module --without-http-cache --with-http_ssl_module --with-http_realip_module
make
make install
Modify the nginx.conf
file.
vi /etc/nginx/nginx.conf
Modify the configuration fields and information in red as follows:
Note:Here, you need to change
xx.xx.xx.xx
to the actual IP address (not the public IP provided by CLB). For the specific IP address, query the previous Nginx logs. You need to enter all IP addresses if there are multiple ones.
fastcgi connect_timeout 300; fastcgi send_timeout 300; fastcgi read_timeout 300; fastcgi buffer_size 64k; fastcgi buffers 4 64k; fastcgi busy_buffers_size 128k; fastcgi temp_file_write_size 128k; set_real_ip_from xx.xx.xx.xx; real_ip_header X-Forwarded-For;
service nginx restart
cat /path/server/nginx/logs/access.log
Was this page helpful?