鍦↙aravel涓紝閫氬父浣跨敤Illuminate\Http\Request::ip()鏂规硶鏉ヨ幏鍙栧鎴风鐨処P鍦板潃銆備絾鏄紝鍦ㄦ煇浜涙儏鍐典笅锛屽畠寰楀埌鐨勭粨鏋滃彲鑳戒笉鏄綘鎵€鏈熸湜鐨勩€傝繖浜涙儏鍐靛寘鎷細鎮ㄧ殑搴旂敤绋嬪簭閮ㄧ讲鍦ㄨ礋杞藉潎琛″櫒鍚庨潰锛屾偍鐨勫簲鐢ㄧ▼搴忎娇鐢–DN鏉ュ姞閫熸偍鍦ㄥ叾浠栧弽鍚戜唬鐞嗗悗闈㈢殑搴旂敤绋嬪簭閮ㄧ讲銆傛垜鎬庢牱鎵嶈兘寰楀埌姝g‘鐨処P锛熷湪Laravel涓彲浠ヤ娇鐢╢ideloper/proxy鎵╁睍鍖呮潵瑙e喅锛堟湰鏂囧彧璁ㄨLaravel5.5鍙婁箣鍚庣増鏈殑鎯呭喌锛屽洜涓篖aravel浠庤繖涓増鏈紑濮嬮粯璁ら泦鎴愪簡鎵╁睍鍖咃級銆傚畠鎻愪緵浜嗕竴涓悕涓篈pp\Http\Middleware\TrustedProxies鐨勪腑闂翠欢锛屽彲浠ュ府鍔╂偍璁剧疆鍙俊浠g悊銆傛瘮濡備綘鐨勮礋杞藉潎琛℃湇鍔″櫒鐨処P鏄?92.168.1.1锛岄偅涔堜綘鍙渶瑕佸湪$proxies灞炴€т腑閰嶇疆杩欎釜IP锛?***杩欎釜搴旂敤绋嬪簭鐨勫彲淇′唬鐞嗐€?*@vararray|string*/protected$proxies='192.168.1.1';鏈夋湅鍙嬩細闂紝鎴戠殑璐熻浇鍧囪 鏈嶅姟鍣↖P涓嶅浐瀹氭€庝箞鍔烇紙姣斿AWSELB锛夛紵杩欑鎯呭喌涔熸槸鍙互瑙e喅鐨勶紝浣嗘槸闇€瑕侀潪甯歌皑鎱庛€傞鍏堬紝鎮ㄩ渶瑕佸皢鎮ㄧ殑搴旂敤绋嬪簭鏈嶅姟鍣ㄩ厤缃负涓嶅搷搴斾换浣曢潪璐熻浇骞宠 璇锋眰銆傝繖鏍峰仛鐨勭洰鐨勬槸涓轰簡涓ユ牸鎺у埗璇锋眰鐨勬潵婧愶紝淇濊瘉鎺ユ敹鍒扮殑璇锋眰鏄彲淇$殑锛堟瘮濡傚彲浠ラ€氳繃鍦ˋWS涓缃畨鍏ㄧ粍鏉ュ疄鐜帮級銆傜劧鍚庡皢$proxies璁剧疆涓?锛岃〃绀哄缁堜俊浠绘潵鑷笂灞備唬鐞嗙殑浼犲叆璇锋眰銆傚綋鐒讹紝$proxies涔熷彲浠ユ槸涓€涓暟缁勩€傚鏋滀綘鏈夊灞傚弽鍚戜唬鐞嗭紝浣犻渶瑕侀厤缃涓狪P鍦板潃銆傝繖閲岀殑IP鍙互鏄疘Pv4涔熷彲浠ユ槸IPv6锛屽彲浠ヤ娇鐢–IDR鏍峰紡鐨処P鑼冨洿锛屾瘮濡傦細144.220.0.0/16銆傛垜鑷繁鎺ユ墜杩囦竴涓」鐩紝瀹冪殑鍙嶅悜浠g悊姣斾笂闈㈢殑鎯呭喌瑕佸鏉傦細鎴戜滑鐨勫簲鐢ㄩ儴缃插湪澶氫釜AWS浜戞湇鍔″櫒瀹炰緥涓婏紝璐熻浇鐢盓LB鍧囪 銆傜敱浜庨」鐩湁鍏ㄥ眬璁块棶闇€姹傦紝鎴戜滑鍦‥LB鍓嶇涔熶娇鐢ㄤ簡CloudFront杩涜CDN鍔犻€熴€備笂闈㈣浜咵LB鐨処P鏄笉鍥哄畾鐨勶紝CloudFront鐨処P涔熸槸涓嶅浐瀹氱殑銆傞壌浜庤繖绉嶆儏鍐碉紝鎴戜滑鍙兘涓€涓€鍒嗘瀽銆傚浜嶦LB灞傦紝鎴戜滑浣跨敤鎺у埗璇锋眰婧愬苟灏?proxies璁剧疆涓?銆傝嚦浜嶤loudFront锛屽ソ鍦ˋWS涓哄紑鍙戣€呮彁渚涗簡CloudFront鑺傜偣鏈嶅姟鍣ㄧ殑IP鑼冨洿锛屾墍浠ユ垜浠彧闇€瑕佸皢瀹樼綉鎻愪緵鐨凜IDR淇℃伅閰嶇疆鍒?proxies灞炴€т腑鍗冲彲銆傚綋鐒讹紝CloudFront鐨処P鑼冨洿闅忔椂鍙兘鍙戠敓鍙樺寲锛屾墍浠ユ垜浠細瀹氭椂鎶撳彇鎺ュ彛骞剁紦瀛樼粨鏋滐紝浠ヤ繚璇佸噯纭€у拰鏁堢巼銆傚師鐞嗗湪浜嗚В浜嗗浣曟纭厤缃甌rustedProxies涔嬪悗锛屾垜浠渶瑕佸涔犲師鐞嗭紝鐭ュ叾鎵€浠ョ劧銆傚垎鏋怉pp\Http\Middleware\TrustedProxies鐨勬簮鐮佷笉闅惧彂鐜帮紝杩欎釜涓棿浠舵渶鍚庡仛鐨勪簨鎯呭氨鏄皟鐢⊿ymfony\Component\HttpFoundation::setTrustedProxies()鏂规硶灏嗕綘閰嶇疆鐨?proxies璧嬪€肩粰Symfony\杞埌Component\HttpFoundation绫荤殑$trustedProxies灞炴€с€傜湅鍒拌繖閲岋紝浣犲氨鏄庣櫧浜嗐€傚叾瀹炶繖涓姛鑳藉叾瀹炴槸鐢卞簳灞傜殑Symfony鎻愪緵鐨勩€俧ideloper/proxy鎵╁睍鍖呭彧鏄府鍔╅€傞厤Laravel锛圫ymfony鎿呴暱馃锛夈€傛帴涓嬫潵鍒嗘瀽婧愮爜锛屾墦寮€鏂囦欢vendor/symfony/http-foundation/Request.php锛岃鍙栬繖涓柟娉曪細publicfunctiongetClientIps(){$ip=$this->server->get('REMOTE_ADDR');濡傛灉(!$this->isFromTrustedProxy()){杩斿洖[$ip];}return$this->getTrustedValues(self::HEADER_X_FORWARDED_FOR,$ip)?:[$ip];}濡傛灉涓嶉厤缃甌rustedProxies鎴栬€呰繖涓緢瀹规槗鐞嗚В濡傛灉璇锋眰涓嶆槸鏉ヨ嚜鍙俊浠g悊锛岄偅涔堢洿鎺ヨ繑鍥濺EMOTE_ADDR鍦板潃锛屾墍浠ユ棤娉曡幏鍙栧埌姝g‘鐨処P銆傚鏋滆姹傛潵鑷彈淇′换鐨勪唬鐞嗭紝鍒欏鎴风鐨処P鏄粠X-Forwarded-For鏍囧ご涓幏鍙栫殑銆傞鍏堣鐭ラ亾REMOTE_ADDR锛屽畠鏄湇鍔″櫒锛坣ginx/apache锛変笌瀹㈡埛绔缓绔婽CP杩炴帴鏃跺緱鍒扮殑鐪熷疄瀹㈡埛绔湴鍧€锛屾棤娉曚吉閫犮€傛瘮濡備綘浣跨敤璐熻浇鍧囪 锛岄偅涔堝簲鐢ㄤ腑鑾峰彇鍒扮殑REMOTE_ADDR灏辨槸璐熻浇鍧囪 鏈嶅姟鍣ㄧ殑鍦板潃锛屽惁鍒欏氨鏄鎴风鐨勫湴鍧€銆傛墍浠sFromTrustedProxy()鏂规硶涔熸槸鏍规嵁REMOTE_ADDR鏉ュ垽鏂殑銆傜劧鍚庢槸X-Forwarded-For锛岃繖鏄疕TTP鍗忚涓父瑙佺殑鎵╁睍澶达紝鐢ㄤ簬璁板綍瀹㈡埛绔拰搴旂敤鏈嶅姟鍣ㄤ箣闂翠紶閫掔殑浠g悊鏈嶅姟鍣ㄦ垨璐熻浇鍧囪 鍣ㄧ殑鍦板潃锛屽寘鎷鎴风鍦板潃銆傛牸寮忓涓嬶細X-Forwarded-For:client,proxy1,proxy2,proxy3姣忎釜浠g悊鏈嶅姟鍣ㄩ兘浼氬湪杩欎釜header鍚庨潰杩藉姞涓婁竴涓唬鐞嗙殑鍦板潃锛屼篃灏辨槸鎴戜滑鍦╪ginx閰嶇疆鏂囦欢涓粡甯哥湅鍒扮殑Configuration:proxy_set_headerX-Forwarded-瀵逛簬$proxy_add_x_forwarded_for锛涙墍浠ユ兂瑕佽幏鍙栫湡姝g殑瀹㈡埛绔疘P锛岄渶瑕侀€氳繃杩欎釜header鏉ヨ幏鍙栥€備絾闇€瑕佹敞鎰忕殑鏄紝X-Forwarded-For鏄彲浠ラ殢鎰忎吉閫犵殑銆傛瘮濡傛垜闅忔剰鏋勯€犱竴涓狧TTP璇锋眰锛?curl-H"X-Forwarded-For:192.168.1.1,192.168.1.2,192.168.1.3"鍥犱负杩欎釜https://example.com鐨勪吉閫狅紝鎴戜滑涓嶈兘鐩存帴浣跨敤X-Forwarded-For涓殑绗竴涓狪P浣滀负鏈€缁堢粨鏋溿€傚埆鎷呭績锛孲ymfony宸茬粡涓烘垜浠悶瀹氫簡杩欎竴鍒囥€傚叧浜嶴ymfony鐨勫叿浣撳仛娉曪紝鏈夊叴瓒g殑鏈嬪弸鍙互鐩存帴鏌ョ湅getTrustedValues()鏂规硶鐨勬簮鐮併€傛垜绠€鍗曟弿杩颁竴涓嬭繃绋嬶細棣栧厛锛屼粠HTTP澶翠腑鍙栧嚭X-Forwarded-For鍜孎orwarded鐨勫€硷紝鐢熸垚涓€涓狪P鍒楄〃銆備负浠€涔堝湪杩欓噷浣跨敤Forwarded鏍囧ご锛熶簨瀹炰笂锛孹-Forwarded-For鐩墠涓嶅睘浜庝换浣曠幇鏈夎鑼冦€傝繖涓秷鎭ご鐨勬爣鍑嗙増鏈槸Forwarded锛屾牸寮忓涓嬶細Forwarded:by=
