When an HTTP request passes through a layer-7 proxy, the source IP address of the packet that reaches the server is the proxy IP rather than the real IP of the client (the client IP). In practice, the client IP is usually recorded in the x-forwarded-for field of the HTTP header, as shown in the following figure.
The Alibaba Cloud WAF works as follows.
Suppose that WAF protects the domain “www.abc.com”. Generally, packets from the client follow the path Client browser > WAF > Origin server (Apache/Nginx/IIS, and so on). In this architecture, WAF acts as a reverse proxy between the client and the origin server.
However, in a network architecture with multiple proxies (for example, CDN and Anti-DDoS Pro), multiple IP addresses are added to the x-forwarded-for field, because each proxy appends the IP address from which it received the request: the client IP at the first proxy, and the previous proxy's IP at each later one. As a result, the x-forwarded-for field may look like
X-Forwarded-For: Client IP, Proxy 1, Proxy 2, Proxy 3, ...
where the client IP still occupies the first address position in the x-forwarded-for field.
Follow these steps to obtain the real IP address of a client:
Send a request command for the
The following are examples of request commands for several common languages.
Separate the output x-forwarded-for value with commas. The first IP address obtained is the client IP.
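The following Python code is an added example, not one of the page's own request-command samples. It implements the two steps above (read the header, split on commas, take the first address) and, because the leftmost value is only the real client IP when the first proxy in the chain overwrites whatever the client sent, it also includes the check an origin-server operator would normally add: walking the chain from the right and skipping only the proxy ranges the operator actually runs (WAF, CDN, Anti-DDoS Pro). The header values, the remote address and the proxy ranges below are constructed sample data, and the trusted-proxy networks are an assumption about the deployment, not values from the page.

```python
import ipaddress
from typing import Dict, Iterable, List, Optional


def get_header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup; HTTP header names are case-insensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def split_forwarded_for(value: str) -> List[str]:
    """Step 2 of the procedure: split on commas, trim whitespace, drop empty entries."""
    return [part.strip() for part in value.split(",") if part.strip()]


def is_valid_ip(text: str) -> bool:
    """True if text parses as an IPv4 or IPv6 address; X-Forwarded-For is free text."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def first_forwarded_ip(headers: Dict[str, str]) -> Optional[str]:
    """The page's method: the first comma-separated entry is the client IP.
    Correct only when the edge proxy (WAF/CDN) sanitizes the header it received."""
    value = get_header(headers, "X-Forwarded-For")
    if value is None:
        return None
    parts = split_forwarded_for(value)
    if not parts or not is_valid_ip(parts[0]):
        return None  # missing or malformed header: do not trust it
    return parts[0]


def client_ip_from_trusted_chain(headers: Dict[str, str], remote_addr: str,
                                 trusted_proxies: Iterable[str]) -> Optional[str]:
    """Walk the chain from the right (the peer that connected to us), skipping
    addresses inside our own proxy ranges; the first hop that is not ours is the client.
    Entries a client prepended itself are never reached, because a proxy we run
    always appends the true peer address after them."""
    networks = [ipaddress.ip_network(n, strict=False) for n in trusted_proxies]

    def is_trusted(addr: str) -> bool:
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in networks)

    value = get_header(headers, "X-Forwarded-For") or ""
    chain = split_forwarded_for(value) + [remote_addr]
    for hop in reversed(chain):
        if not is_valid_ip(hop):
            return None  # garbage in the chain: fail closed rather than log junk
        if not is_trusted(hop):
            return hop
    return None  # every hop was one of our own proxies; no client address present


if __name__ == "__main__":
    # Constructed sample: client -> CDN (198.51.100.10) -> WAF (192.0.2.5) -> origin.
    # The WAF is the peer that connects to the origin, so remote_addr is its address.
    sample_headers = {"X-Forwarded-For": "203.0.113.7, 198.51.100.10"}
    trusted = ["198.51.100.0/24", "192.0.2.0/24"]  # assumed proxy ranges
    print("first entry:", first_forwarded_ip(sample_headers))
    print("trusted-chain:", client_ip_from_trusted_chain(sample_headers, "192.0.2.5", trusted))
```

When the request arrived through the expected chain both functions agree. They differ when a client prepends its own value, or when a request reaches the origin directly without passing the WAF: the trusted-chain walk then ignores the header and reports the connecting peer, which is the behaviour an access log or rate limiter on the origin should have.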