edit-icon download-icon

Obtain the real IP address of the client

Last Updated: Dec 05, 2017

Introduction to the function of obtaining IP address

Alibaba Cloud Server Load Balancer provides the function of obtaining the real IP address of the client and this function is enabled by default.

  • For the Layer-4 load balancing service (TCP protocol), listeners distribute client requests to backend ECS servers without modifying the request headers. Therefore, you can obtain the real IP address from the backend ECS servers without additional configurations.

  • For the Layer-7 load balancing service (HTTP/HTTPS protocol), you have to configure the application servers, and then use the X-Forwarded-For header to obtain the real IP addresses of the clients.

    Note: For the HTTPS load balancing service, the SSL certificates are configured in front-end listeners, the backend still uses the HTTP protocol. Therefore, the configurations on application servers are the same for HTTP and HTTPS protocols.

    Obtain Real IP Address

Configure web applications

This section introduces some common methods used to configure web applications.

Configure IIS7/IIS8

  1. Download and extract the F5XForwardedFor.

  2. Copy the F5XFFHttpModule.dll and F5XFFHttpModule.ini files from the extracted folder to a folder, such as C:\F5XForwardedFor\. Make sure that the IIS process has the write permission to this folder.

  3. Open the IIS Manager, and then double-click the Modules function.

    Modules

  4. Click Configure Native Modules, and then click Register.

    Register

  5. Add the copied the .dll file.

    Add DLL file

  6. Add the ISAPI and CGI restrictions for the .dll file and set the restriction to Allowed.

    Make sure that you have installed the ISAPI and CGI applications.

    ISAPI and CGI restriction

  7. Restart the IIS Manager.

Configure Apache

  1. Run the following command to install the mod_rpaf module.

    1. wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz
    2. tar zxvf mod_rpaf-0.6.tar.gz
    3. cd mod_rpaf-0.6
    4. /alidata/server/httpd/bin/apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
  2. Open the /alidata/server/httpd/conf/httpd.conf file and add the following information at the end of the content.

    1. LoadModule rpaf_module modules/mod_rpaf-2.0.so
    2. RPAFenable On
    3. RPAFsethostname On
    4. RPAFproxy_ips IP_address
    5. RPAFheader X-Forwarded-For

    RPAFproxy_ips: the IP address is not the IP address of the Server Load Balancer instance. Check the Apache log to find the IP address, usually both the two IP addresses are entered.

  3. Run the following command to restart the Apache server.

    1. /alidata/server/httpd/bin/apachectl restart

Configure Nginx

  1. Run the following command to install http_realip_module.

    1. wget http://nginx.org/download/nginx-1.0.12.tar.gz
    2. tar zxvf nginx-1.0.12.tar.gz
    3. cd nginx-1.0.12
    4. ./configure --user=www --group=www --prefix=/alidata/server/nginx --with-http_stub_status_module --without-http-cache --with-http_ssl_module --with-http_realip_module
    5. make
    6. make install
    7. kill -USR2 `cat /alidata/server/nginx/logs/nginx.pid`
    8. kill -QUIT `cat /alidata/server/nginx/logs/ nginx.pid.oldbin`
  2. Run the following command to open the nginx.conf file.

    vi /alidata/server/nginx/conf/nginx.conf

  3. Find the following content and add the required information after it.

    1. fastcgi connect_timeout 300;
    2. fastcgi send_timeout 300;
    3. fastcgi read_timeout 300;
    4. fastcgi buffer_size 64k;
    5. fastcgi buffers 4 64k;
    6. fastcgi busy_buffers_size 128k;
    7. fastcgi temp_file_write_size 128k;

    The information to be added:

    1. set_real_ip_from IP_address
    2. real_ip_header X-Forwarded-For;

    set_real_ip_from IP: the IP address is not the IP address of the Server Load Balancer instance. Check the Nginx log to find the IP address, usually both the two IP addresses are entered.

  4. Run the following command to restart the Nginx server.

    /alidata/server/nginx/sbin/nginx -s reload

Thank you! We've received your feedback.