Apache 使用 CDN 后获取用户 IP 的设置方法
当网站启用 CDN 会给获取访客 IP 带来障碍,由于多了个代理流程,故日志记录 IP 变为 CDN 的。基于 Apache 的网站要解决这个问题,需要使用 mod_remoteip 模块或第三方 mod_rpaf 模块,通过 HTTP 标头里的 X_FORWARDED_FOR 字段获取访客 IP,本文介绍前者设置方法。
加载 mod_remoteip 模块
Apache 2.4 开始自带此模块,可用下面命令检查(若 Yum 安装的则不用加 /etc/init.d/)。
# 查询 Apache 版本 /etc/init.d/httpd -v # 查询 Apache 编译信息(可查看 httpd.conf 配置文件等路径,之后修改要知道) /etc/init.d/httpd -V # 列出 Apache 加载模块(里面有 remoteip_module 就说明已启用 mod_remoteip 模块) /etc/init.d/httpd -t -D DUMP_MODULES # 查看 Apache 选项帮助 /etc/init.d/httpd -h
有些情况可能是安装了模块,但默认没有启用。这样可以通过查看 httpd.conf 配置文件确认,里面有下面这行则表示已安装 mod_remoteip 模块,取消行注释即可使之启用。
#LoadModule remoteip_module modules/mod_remoteip.so
安装 mod_remoteip 模块
Apache 2.2.x 版本没有自带该模块,需要手动安装。首先下载这个基于 Apache 2.4.1 移植的 mod_remoteip 模块文件。如果是 Apache 高版本安装则下载对应版本(版本不同安装可能会报错)。
wget https://raw.githubusercontent.com/ttkzw/mod_remoteip-httpd22/master/mod_remoteip.c
安装 httpd-devel 和 gcc 编译器以便稍后可以通过 apxs 扩展工具安装 Apache 模块。
yum -y install httpd-devel gcc gcc-c++
运行下面命令安装 mod_remoteip 模块(其中参数选项含义可查阅此文档)。
apxs -i -a -c mod_remoteip.c
创建 httpd-remoteip.conf 配置文件
在 Apache 扩展目录下创建 remoteip 配置文件。之前有介绍如何查看 Apache 目录路径。
vi /usr/local/apache/conf/extra/httpd-remoteip.conf
内容如下。首行指定代理 IP Header名,次行设置信任的 IP 地址和范围(多个用空格隔开。CloudFlare CDN IP 列表可在这获取)
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 173.245.48.0/20 103.21.244.0/22 ...
如果要添加的 CDN IP 太多,可用 RemoteIPInternalProxyList 指向一个 IP 列表文件(里面用空格或换行分隔)。
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxyList conf/cloudflare_ip.lst
如果用这种方式,附一个自动更新 CloudFlare CDN IP 列表文件脚本,内容如下。
#!/usr/bin/env bash
echo "# CloudFlare Proxy IP;" > /usr/local/apache/conf/cloudflare_ip.lst;
for i in `curl https://www.cloudflare.com/ips-v4`; do
echo "$i" >> /usr/local/apache/conf/cloudflare_ip.lst;
done
for i in `curl https://www.cloudflare.com/ips-v6`; do
echo "$i" >> /usr/local/apache/conf/cloudflare_ip.lst;
done
echo "# End;" >> /usr/local/apache/conf/cloudflare_ip.lst;
创建后chmod +x ./update_cloudflare_ip.sh赋予脚本可执行权限。然后crontab -e添加定期任务,例如每星期上午 6 点运行一次。
0 6 * * 1 /bin/bash /root/update_cloudflare_ip.sh > /dev/null
也可以使用 RemoteIPProxiesHeader 从指定字段获取信任 CDN IP,这样不用设置指定代理 IP。更多 Apache mod_remoteip 选项参数介绍可参考这个文档。
RemoteIPHeader X-Forwarded-For RemoteIPProxiesHeader X-Forwarded-By
编辑 httpd.conf 配置文件
先确认 httpd.conf 里已设置加载 mod_remoteip 模块,参数如下。
LoadModule remoteip_module modules/mod_remoteip.so
在其下面添加一句,以链接上步创建的 mod_remoteip 配置文件。
Include conf/extra/httpd-remoteip.conf
再在文件里修改记录日志格式,使之记录访客 IP。搜索下面两行内容。
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
将里面的 %h 改为 %a(完整格式选项可查看此文档),修改后的内容如下。
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%a %l %u %t \"%r\" %>s %b" common
保存文件修改,/etc/init.d/httpd restart重启服务生效。
Hi, very nice website, cheers!
——————————————————
Need cheap and reliable hosting? Our shared plans start at $10 for an year and VPS plans for $6/Mo.
——————————————————
Check here: https://www.reliable-webhosting.com/
dapoxetine available in the us https://salemeds24.wixsite.com/dapoxetine
cnn hydroxychloroquine works https://hhydroxychloroquine.com/
ivermectin for scabies treatment https://ivermectin.mlsmalta.com/
side effects of vidalista 20 mg https://vidalista40mg.mlsmalta.com/
what’s the difference between cialis and viagra https://wisig.org/
compare priligy prices https://ddapoxetine.com/
order prescription drugs online without doctor https://edmeds.buszcentrum.com/
order prescription drugs online without doctor https://medpills.bee-rich.com/
albuterol sulfate dosage for adults https://amstyles.com/
hydroxychloroquine successful trials https://hydroxychloroquinee.com/
sarcoptic mange ivermectin dosage https://ivermectin1st.com/
what are some side effects of prednisone https://bvsinfotech.com/
side effects of cenforce for men http://cavalrymenforromney.com/
viagra no prescription http://viaaagra.com/
what states are using hydroxychloroquine https://hydroxychloroquine4u.com/
sildenafil without doctor prescription https://sildenafili.com/
cialis http://cialis.anafassia.com/
cialis cheap online pharmacy http://cialis.audiovideoninja.com/
cialis cheap online pharmacy https://cialis.advantagetriseal.com/
Great post here. One thing I would like to say is that most professional job areas consider the Bachelor Degree just as the entry level standard for an online college diploma. When Associate Degrees are a great way to get started on, completing ones Bachelors uncovers many doors to various professions, there are numerous on-line Bachelor Course Programs available from institutions like The University of Phoenix, Intercontinental University Online and Kaplan. Another issue is that many brick and mortar institutions give Online versions of their college diplomas but generally for a extensively higher payment than the institutions that specialize in online degree plans.
https://bit.ly/video-sex-amateur
http://vsdoxycyclinev.com/ – fast delivery on doxycyclene
alprostadil injection demonstration https://alprostadildrugs.com/ video of transurethral alprostadil admimistering
best place to buy generic viagra online buy viagra online canada
viagra over the counter walmart
generic tadalafil canada – tadalafil pill identifier buy generic tadalafil online
Hvzinr – provigil cost Vqclrh cfbslv
tadalafil generic https://elitadalafill.com/ tadalafil generic
cheap ed pills from canada the canadian drugstore
cheap ed pills from india
treatment for erectile dysfunction cheap ed pills from canada
best male enhancement pills
buy ed pills from canada cheap medication online
ed pills without a doctor prescription
sildenafil citrate https://eunicesildenafilcitrate.com/ buy sildenafil from canada
vardenafil dosage maximum https://vegavardenafil.com/ vilitra 60mg vardenafil
Kcmytj – tadalafil troche Lviitz hqoqae
Türkiyenin en iyi sosyal medya danışman sitesi olan takipcisatinalin.org ile
hemen instagram takipçi satın al fenomen ol!
My blog post instagram ucuz takipçi
I could not resist commenting. Perfectly written!
My web page … instagram takipci satin al
Good day I am so thrilled I found your webpage,
I really found you by mistake, while I was searching on Aol
for something else, Nonetheless I am here now and would just like to say thanks a lot
for a tremendous post and a all round enjoyable blog (I also love the theme/design), I don’t have time to read
it all at the moment but I have bookmarked it and also included your RSS feeds, so when I have time I will be back to read more, Please do keep up the fantastic work.
Visit my web page :: shell download