HAProxy 와 NGINX 에서 X-Forwarded-For 설정하기
1. HAProxy L4
1.1 #vi /etc/haproxy/haproxy.cfg
option forwardfor
2. NGINX Web
2.1 # vi /etc/nginx/nginx.conf
http {
set_real_ip_from 10.100.10.0/24;
real_ip_header X-Forwarded-For;log_format main ‘$http_x_forwarded_for – $remote_user [$time_local] ‘
‘”$request” $status $body_bytes_sent “$http_referer” ‘
‘”$http_user_agent”‘;
2.2 Log 확인하기
적용 前
10.200.10.74 – – [09/Dec/2016:17:04:10 +0900] “GET / HTTP/1.1” 304 0 “-” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36” “-”
10.200.10.74 – – [09/Dec/2016:17:28:47 +0900] “GET / HTTP/1.1” 304 0 “-” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36” “-”
10.200.10.74 – – [09/Dec/2016:17:28:47 +0900] “GET /favicon.ico HTTP/1.1” 200 1150 “https://purplecow.plura.io/” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36” “-”10.200.10.74 # haproxy ip address
적용 後
123.160.209.113 – – [09/Dec/2016:17:39:55 +0900] “GET / HTTP/1.1” 304 0 “-” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36”
123.160.209.113 – – [09/Dec/2016:17:39:55 +0900] “GET /favicon.ico HTTP/1.1” 200 1150 “https://purplecow.plura.io/” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36”123.160.209.113 # real ip address
3. 참고 사이트