当用户使用代理(Google数据保护程序等)时,浏览器会将X-Forwarded-For添加到客户端的真实IP地址到服务器.我们的负载均衡器将所有标头+客户端的IP地址作为X-Forwarded-For标头传递给nginx服务器.示例请求标头:
X-Forwarded-For: 1.2.3.4
X-Forwarded-Port: 80
X-Forwarded-Proto: http
Host: *.*.*.*
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8,tr;q=0.6
Save-Data: on
Scheme: http
Via: 1.1 Chrome-Compression-Proxy
X-Forwarded-For: 1.2.3.5
Connection: Keep-alive
有没有办法将两个X-Forwarded-For标头分别传递给php?
fastcgi_param HTTP_MERGED_X_FORWARDED_FOR $http_x_forwarded_for$_SERVER['HTTP_MERGED_X_FORWARDED_FOR']您可以访问所有的HTTP标头的$http_<header_name>变量.使用此变量时,nginx甚至会为您执行标头合并
CustomHeader: foo
CustomHeader: bar
获取转换为值:
foo, bar
因此,所有你需要做的就是通过这个变量到PHP 与fastcgi_param
fastcgi_param HTTP_MERGED_X_FORWARDED_FOR $http_x_forwarded_for
在你的nginx服务器块中:
location ~ \.php$ {
fastcgi_pass unix:run/php/php5.6-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTP_MERGED_X_FORWARDED_FOR $http_x_forwarded_for;
include fastcgi_params;
}
test.php的
<?php
die($_SERVER['HTTP_MERGED_X_FORWARDED_FOR']);
最后看看curl会发生什么:
curl -v -H 'X-Forwarded-For: 127.0.0.1' -H 'X-Forwarded-For: 8.8.8.8' http://localhost/test.php
给出以下回应:
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /test.php HTTP/1.1
> Host: localhost
> User-Agent: curl/7.47.0
> X-Forwarded-For: 127.0.0.1
> X-Forwarded-For: 8.8.8.8
>
< HTTP/1.1 200 OK
< Server: nginx/1.10.3 (Ubuntu)
< Date: Wed, 01 Nov 2017 09:07:51 GMT
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
<
* Connection #0 to host localhost left intact
127.0.0.1, 8.8.8.8
繁荣!你去了,你可以访问所有X-FORWARDED-FOR标题,作为逗号分隔的字符串$_SERVER['HTTP_MERGED_X_FORWARDED_FOR']
当然,您可以使用您想要的任何名称而不仅仅是HTTP_MERGED_X_FORWARDED_FOR.