Question

我正在使用bouncy来服务两个由两个独立进程（一个Ghost博客和一个Express Web应用程序）运营的网站。

bouncy(function(req, bounce) {
  if (req.headers.host === 'blogdomain.com' || req.headers.host === 'www.blogdomain.com') {
    // Fwd to blog
    bounce(2368);
  } else {
    // By default, fwd to express webapp
    bounce(8001);
  }
}).listen(80);

问题是请求到达博客和Web应用程序进程，就好像源自127.0.0.1。有没有办法保护IP？

编辑：遵循loganfsmyth的提案，但我只得到部分理想的行为。

网络应用是一个有角度的应用程序，我将快递应用程序设置为：

app.use(express.logger())

在日志中，客户端的IP仅针对某些请求正确显示。其余的仍然是127.0.0.1。日志样本：

192.168.178.39 - - [Sun, 09 Mar 2014 22:07:27 GMT] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Linux; Android 4.4.2; XT1032 Build/KLB20.9-1.10-1.24-1.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.136 Mobile Safari/537.36"
127.0.0.1 - - [Sun, 09 Mar 2014 22:07:27 GMT] "GET /css/bootstrap.css HTTP/1.1" 304 - "http://192.168.178.38/" "Mozilla/5.0 (Linux; Android 4.4.2; XT1032 Build/KLB20.9-1.10-1.24-1.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.136 Mobile Safari/537.36"
192.168.178.39 - - [Sun, 09 Mar 2014 22:07:27 GMT] "GET /css/bootswatch.min.css HTTP/1.1" 304 - "http://192.168.178.38/" "Mozilla/5.0 (Linux; Android 4.4.2; XT1032 Build/KLB20.9-1.10-1.24-1.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.136 Mobile Safari/537.36"
192.168.178.39 - - [Sun, 09 Mar 2014 22:07:27 GMT] "GET /css/font-awesome.min.css HTTP/1.1" 304 - "http://192.168.178.38/" "Mozilla/5.0 (Linux; Android 4.4.2; XT1032 Build/KLB20.9-1.10-1.24-1.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.136 Mobile Safari/537.36"
192.168.178.39 - - [Sun, 09 Mar 2014 22:07:27 GMT] "GET /bower_components/leaflet/dist/leaflet.css HTTP/1.1" 304 - "http://192.168.178.38/" "Mozilla/5.0 (Linux; Android 4.4.2; XT1032 Build/KLB20.9-1.10-1.24-1.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.136 Mobile Safari/537.36"
192.168.178.39 - - [Sun, 09 Mar 2014 22:07:27 GMT] "GET /css/main.css HTTP/1.1" 304 - "http://192.168.178.38/" "Mozilla/5.0 (Linux; Android 4.4.2; XT1032 Build/KLB20.9-1.10-1.24-1.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.136 Mobile Safari/537.36"
192.168.178.39 - - [Sun, 09 Mar 2014 22:07:27 GMT] "GET /bower_components/jquery/jquery.min.js HTTP/1.1" 304 - "http://192.168.178.38/" "Mozilla/5.0 (Linux; Android 4.4.2; XT1032 Build/KLB20.9-1.10-1.24-1.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.136 Mobile Safari/537.36"
127.0.0.1 - - [Sun, 09 Mar 2014 22:07:27 GMT] "GET /bower_components/angular/angular.js HTTP/1.1" 304 - "http://192.168.178.38/" "Mozilla/5.0 (Linux; Android 4.4.2; XT1032 Build/KLB20.9-1.10-1.24-1.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.136 Mobile Safari/537.36"
127.0.0.1 - - [Sun, 09 Mar 2014 22:07:27 GMT] "GET /bower_components/angular-cookies/angular-cookies.min.js HTTP/1.1" 304 - "http://192.168.178.38/" "Mozilla/5.0 (Linux; Android 4.4.2; XT1032 Build/KLB20.9-1.10-1.24-1.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.136 Mobile Safari/537.36"
127.0.0.1 - - [Sun, 09 Mar 2014 22:07:27 GMT] "GET /bower_components/angular-sanitize/angular-sanitize.min.js HTTP/1.1" 304 - "http://192.168.178.38/" "Mozilla/5.0 (Linux; Android 4.4.2; XT1032 Build/KLB20.9-1.10-1.24-1.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.136 Mobile Safari/537.36"
127.0.0.1 - - [Sun, 09 Mar 2014 22:07:27 GMT] "GET /bower_components/angular-bootstrap/ui-bootstrap-tpls.min.js HTTP/1.1" 304 - "http://192.168.178.38/" "Mozilla/5.0 (Linux; Android 4.4.2; XT1032 Build/KLB20.9-1.10-1.24-1.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.136 Mobile Safari/537.36"
127.0.0.1 - - [Sun, 09 Mar 2014 22:07:27 GMT] "GET /bower_components/angular-route/angular-route.min.js HTTP/1.1" 304 - "http://192.168.178.38/" "Mozilla/5.0 (Linux; Android 4.4.2; XT1032 Build/KLB20.9-1.10-1.24-1.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.136 Mobile Safari/537.36"
127.0.0.1 - - [Sun, 09 Mar 2014 22:07:27 GMT] "GET /js/ngapp.js HTTP/1.1" 304 - "http://192.168.178.38/" "Mozilla/5.0 (Linux; Android 4.4.2; XT1032 Build/KLB20.9-1.10-1.24-1.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.136 Mobile Safari/537.36"
...

此外，重新加载页面会导致相同的日志条目。我的意思是，第一页日志中出现的文件正确加载客户端的IP，而127.0.0.1出现的文件与页面重载案例中的文件完全相同。

Answer 1

使用bouncer之类的代理时，处理此问题的标准方法是使用X-Forwarded-For标题。

bounce(2368, {
    headers: {
        'X-Forwarded-For': req.socket.remoteAddress
    }
});

我不能说你的Ghost博客，但对于Express，你可以读取这样的IP：

// Tell express it is behind a proxy, so it is safe to read the header
// to get its IP.
app.set('trust proxy', true);

function(req, res){
    // Express will get the IP from the header, or use the connection
    // address if there is no header.
    console.log(req.ip);
}

如何保持req.ip有弹性

1 个答案: