This topic describes how to obtain the real IP addresses of clients that attempt to access an application after it is integrated into GameShield.

Background information

GameShield adopts the FullNat proxy mode. After receiving a request from a client, GameShield replaces the IP address of the client with the IP address of GameShield. This topic provides a solution for obtaining the real IP address of a client.

Implementation

GameShield uses the options field of a Transmission Control Protocol (TCP) packet to store and transfer the IP address of a client. In most cases, this method is called TCP Options Address (TOA). The TOA method is provided by GameShield. You can only obtain the IP address of a client after integrating a TOA module to an origin server. You can integrate a TOA module by using application hooks. No code change is required.
  • Linux

    Use application hooks to integrate a TOA module. For more information, see Linux.

  • Windows

    Windows provides application hooks for some applications to integrate a TOA module. For more information, see Windows.

Deployment of origin servers

Scenario Supported architecture Unsupported architecture
Obtain the real IP address of a client when the client transfers data over TCP
  • Data flows from GameShield to Alibaba Cloud Elastic Compute Service (ECS) instances that host origin servers or to third-party origin servers.
  • Data flows from GameShield and distributed at Layer 4 by using Alibaba Cloud Server Load Balancer (SLB). Data is then forwarded to Alibaba Cloud ECS instances that host origin servers.
Data flows from GameShield and distributed at Layer 4 by using third-party load balancing services. Data is then forwarded to third-party origin servers.
Obtain the real IP address of a client when the client transfers data over HTTP or HTTPs
  • Data flows from GameShield to Alibaba Cloud ECS instances that host origin servers or to third-party origin servers.
  • Data flows from GameShield and distributed at Layer 4 by using Alibaba Cloud SLB to Alibaba Cloud ECS instances that host origin servers.
  • Data flows from GameShield to Web Application Firewall (WAF) or Anti-DDoS Pro and distributed at Layer 7 by using Alibaba Cloud SLB. Data is then forwarded to Alibaba Cloud ECS instances that host origin servers.
  • Data flows from GameShield and distributed at Layer 4 or Layer 7 by using third-party load balancing services. Data is then forwarded to third-party origin servers.
Note Based on Layer 4 data forwarding, GameShield does not manage HTTPS certificates. GameShield cannot retrieve data details that are contained in a HTTPS data stream. When a client accesses GameShield over HTTP or HTTPS, GameShield retrieves the real IP address of the client by using a TOA module that is installed on an origin server. You cannot obtain the real IP address of a client from the X-Forwarded-For (XFF) header field of an HTTP or HTTPS request.