Fixing the client IP address always showing as 127.0.0.1 by configuring nginx's proxy_set_header
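I. Preface
To prevent the resources on this site (小木人印象 www.xwood.net) from being maliciously downloaded, I recently implemented a security control module. It analyzes, per client IP address, the volume of downloads from this site within a validity window and uses that as the blacklist rule. However, the IP address returned by the existing HttpClientIpUtils utility class was always 127.0.0.1, so the real IP address of the visiting client could not be obtained and the blacklist could not be built.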
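II. Solution
The cause is the reverse proxy that nginx provides in front of the server. The previous reverse proxy configuration was:

    location ^~ /open-api/ {
        proxy_pass http://127.0.0.1:8080/openapi/;
    }

It should be changed to the following (adding the directive proxy_set_header x-forwarded-for $remote_addr;):

    location ^~ /open-api/ {
        proxy_pass http://127.0.0.1:8080/openapi/;
        proxy_set_header x-forwarded-for $remote_addr;
    }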
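On the backend, the header set above should be trusted only when the socket peer is the nginx proxy itself, because a request that reaches the backend port without passing through nginx carries whatever header value the client chose. The following is an added example, not code from the original page (whose HttpClientIpUtils is not shown); the class name ForwardedIpResolver, the trusted-proxy list and the sample addresses are assumptions. It also handles the comma-separated form produced by $proxy_add_x_forwarded_for, which goes beyond the single-address configuration above.

```java
import java.util.Set;
import java.util.regex.Pattern;

public class ForwardedIpResolver {
    // Assumption: nginx on the same host is the only proxy allowed to set the header.
    private static final Set<String> TRUSTED_PROXIES =
            Set.of("127.0.0.1", "::1", "0:0:0:0:0:0:0:1");
    private static final Pattern IPV4 = Pattern.compile(
            "((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.){3}(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)");
    // Loose syntactic filter for IPv6 literals (hex digits and colons), not a full parser.
    private static final Pattern IPV6 = Pattern.compile("(?=.*:)[0-9a-fA-F:]{2,39}");

    /**
     * peerAddr is the socket peer (request.getRemoteAddr() in a servlet);
     * xff is the raw x-forwarded-for header value, or null if absent.
     */
    public static String resolve(String peerAddr, String xff) {
        // The header is client-controlled unless the request came through the trusted proxy.
        if (peerAddr == null || !TRUSTED_PROXIES.contains(peerAddr) || xff == null) {
            return peerAddr;
        }
        // With "$remote_addr" the value is a single address; with
        // "$proxy_add_x_forwarded_for" the proxy appends last, so take the rightmost entry.
        String candidate = xff.substring(xff.lastIndexOf(',') + 1).trim();
        // Accept only IP literals so nothing else becomes a blacklist key or log text.
        if (IPV4.matcher(candidate).matches() || IPV6.matcher(candidate).matches()) {
            return candidate;
        }
        return peerAddr;
    }

    public static void main(String[] args) {
        // Constructed sample inputs (documentation address ranges).
        System.out.println(resolve("127.0.0.1", "203.0.113.7"));            // request via nginx
        System.out.println(resolve("127.0.0.1", "10.9.9.9, 203.0.113.7"));  // appended form
        System.out.println(resolve("198.51.100.20", "192.0.2.44"));         // direct peer, header ignored
        System.out.println(resolve("127.0.0.1", "not-an-ip\r\nx"));         // malformed, falls back to peer
    }
}
```

When the header is missing or malformed the method falls back to the peer address, which behind nginx is 127.0.0.1, the value the blacklist code below treats as "IP unknown". Set.of requires Java 9 or later.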
III. Blacklist code
1. The client security control class ClientUserController:

    import java.util.List;
    import java.util.concurrent.ConcurrentHashMap;
    import java.util.concurrent.ConcurrentMap;
    import java.util.concurrent.CopyOnWriteArrayList;

    // The page does not show its imports; log4j 1.x Logger and
    // Apache Commons Lang StringUtils are assumed here.
    import org.apache.commons.lang.StringUtils;
    import org.apache.log4j.Logger;

    public class ClientUserController {

        private static final Logger logger = Logger.getLogger(ClientUserController.class);

        // Download counters, keyed by client IP
        private static ConcurrentMap<String, ClientUser> downloadUsers = new ConcurrentHashMap<String, ClientUser>();
        // Blacklisted client IPs
        private static List<String> blackIplist = new CopyOnWriteArrayList<String>();

        // Maximum number of downloads within 12 hours
        private static int maxDayDownloadTimes = 1000;
        // Validity window: 12 hours, in milliseconds to match System.currentTimeMillis()
        private static long validTimeMillis = 12 * 60 * 60 * 1000L;

        // Count one download for this IP; unknown (loopback) and blacklisted IPs are not counted
        public static void register(String ip) {
            if (StringUtils.isEmpty(ip) || "127.0.0.1".equalsIgnoreCase(ip))
                return;
            if (!isPermission(ip))
                return;
            // Read the entry once so a concurrent remove() cannot cause a NullPointerException
            ClientUser user = downloadUsers.get(ip);
            if (user != null) {
                user.setDownloadTimes(user.getDownloadTimes() + 1);
                logger.info(" downloadUser login --------------:" + ip + " times----------------:" + user.toString());
            } else {
                downloadUsers.put(ip, new ClientUser(ip));
                logger.info(" New downloadUser register --------------:" + ip + " times----------------:1");
            }
        }

        // Return false when the IP is missing, blacklisted, or has reached the download limit
        public static boolean isPermission(String ip) {
            if (StringUtils.isEmpty(ip)) {
                logger.info(" downloadUser isPermission false, because you haven't clientIp <<<<<<<<");
                return false;
            }
            if ("127.0.0.1".equalsIgnoreCase(ip)) {
                logger.info(" downloadUser can't get ip ; ======== 127.0.0.1 ");
                return true;
            }
            if (blackIplist.contains(ip)) {
                logger.info(" downloadUser@" + ip + "@ is danger downloadUser !!!!!!!!");
                return false;
            }
            ClientUser checkClientUser = downloadUsers.get(ip);
            if (checkClientUser != null) {
                // Limit reached, inside or outside the window: blacklist the IP
                if (checkClientUser.getDownloadTimes() >= maxDayDownloadTimes) {
                    blackIplist.add(ip);
                    logger.info(" downloadUser@" + ip + "@ add to blacklist !!!!!!!!");
                    return false;
                }
                // Window expired without reaching the limit: reset the counter
                if (System.currentTimeMillis() - checkClientUser.getLastTime() >= validTimeMillis) {
                    downloadUsers.remove(ip);
                }
            }
            return true;
        }
    }
2. The client user class ClientUser:

    import java.util.Locale;

    public class ClientUser {

        private String ip;
        private Integer downloadTimes = 1;
        // Creation time of this entry, in milliseconds
        private Long lastTime;

        public ClientUser() {
            super();
            lastTime = System.currentTimeMillis();
        }

        public ClientUser(String ip) {
            super();
            this.ip = ip;
            lastTime = System.currentTimeMillis();
        }

        public String getIp() { return ip; }
        public void setIp(String ip) { this.ip = ip; }

        public Integer getDownloadTimes() { return downloadTimes; }
        public void setDownloadTimes(Integer downloadTimes) { this.downloadTimes = downloadTimes; }

        public Long getLastTime() { return lastTime; }
        public void setLastTime(Long lastTime) { this.lastTime = lastTime; }

        // Small manual check: prints the elapsed time in seconds
        public static void main(String[] args) throws Exception {
            ClientUser u = new ClientUser();
            u.lastTime = System.currentTimeMillis();
            Thread.sleep(2000);
            System.out.println((System.currentTimeMillis() - u.lastTime) / 1000);
        }

        @Override
        public String toString() {
            return "ClientUser [ip=" + ip + ", downloadTimes=" + downloadTimes + "]";
        }

        // Two users are equal when their IPs match, ignoring case
        @Override
        public boolean equals(Object obj) {
            if (!(obj instanceof ClientUser))
                return false;
            ClientUser other = (ClientUser) obj;
            if (this.getIp() == null)
                return other.getIp() == null;
            return this.getIp().equalsIgnoreCase(other.getIp());
        }

        // Kept consistent with equals()
        @Override
        public int hashCode() {
            return ip == null ? 0 : ip.toLowerCase(Locale.ROOT).hashCode();
        }
    }
Original source: xwood -> http://www.xwood.net/_site_domain_/_root/5870/5874/t_c268346.html