Comments (1)
You raised a very good question. I'll try to answer as follows:
If X-Forwarded-For is used to pass the client IP downstream, there is some confusion, because there are the following 2 cases:
Case 1: the request does not already contain an X-Forwarded-For header
Then BFE can add a new header, X-Forwarded-For: client-ip, BFE's address
Case 2: the request already contains an X-Forwarded-For header
e.g., X-Forwarded-For: client1, proxy1, proxy2, proxy3
Then BFE needs to append its own address at the end: X-Forwarded-For: client1, proxy1, proxy2, proxy3, BFE's address
In the second case the client's address may be forged, and BFE could also rewrite the X-Forwarded-For value wholesale as in the first case -- but the content of X-Forwarded-For sometimes also has to be analyzed. If it were all rewritten, that would amount to discarding this information brought in from the external network.
The recommended approach is:
- Per the specification, append BFE's address at the end of X-Forwarded-For
- Use a separate header to carry the client IP address "as seen by BFE"
from bfe-book.
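As an added example (not code from bfe-book or from the BFE project), here is the header handling the comment above recommends, written in Go since BFE is a Go project. It goes slightly beyond the comment on two points a practitioner would want: the dedicated client-IP header is unconditionally overwritten (Set, not append) so that a copy a client sends in cannot reach the backend, and the backend side only believes that header when the TCP peer is a known BFE address. The header name X-Bfe-Client-Ip, the trusted-proxy set, and all sample addresses are assumptions for illustration; the comment does not name a header.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// ClientIPHeader is an assumed, hypothetical name for the dedicated header that
// carries "the client IP as seen by BFE". The comment recommends such a header
// but does not name one.
const ClientIPHeader = "X-Bfe-Client-Ip"

// AddForwardingHeaders rewrites the request headers the way the comment describes:
//   - X-Forwarded-For: create "peer, bfeAddr" if absent (case 1), otherwise append
//     bfeAddr to whatever arrived (case 2). The inbound chain is kept even though it
//     may be forged, so it can still be analyzed upstream.
//   - ClientIPHeader: always overwritten with the TCP peer address BFE observed, so a
//     client-supplied value of this header is discarded rather than passed on.
// remoteAddr is a "host:port" peer address (e.g. http.Request.RemoteAddr).
func AddForwardingHeaders(h http.Header, remoteAddr, bfeAddr string) error {
	peerIP, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		return fmt.Errorf("bad remote address %q: %w", remoteAddr, err)
	}
	if net.ParseIP(peerIP) == nil {
		return fmt.Errorf("remote address %q is not an IP", peerIP)
	}

	prior := strings.TrimSpace(h.Get("X-Forwarded-For"))
	if prior == "" {
		h.Set("X-Forwarded-For", peerIP+", "+bfeAddr) // case 1
	} else {
		h.Set("X-Forwarded-For", prior+", "+bfeAddr) // case 2: append, never rewrite
	}

	// Set (not Add): any inbound copy of the dedicated header is dropped here.
	h.Set(ClientIPHeader, peerIP)
	return nil
}

// TrustedClientIP is what a backend behind BFE should use. It reads the dedicated
// header only when the request actually came from a trusted BFE address; otherwise
// (request reached the backend directly) the header is ignored and the peer is used.
func TrustedClientIP(r *http.Request, trustedProxies map[string]bool) string {
	peer, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		peer = r.RemoteAddr
	}
	if trustedProxies[peer] {
		if ip := r.Header.Get(ClientIPHeader); ip != "" {
			return ip
		}
	}
	return peer
}

func main() {
	// Constructed sample: an external client at 203.0.113.7 sends a forged
	// X-Forwarded-For chain and also tries to pre-set the dedicated header.
	h := http.Header{}
	h.Set("X-Forwarded-For", "10.0.0.1, 198.51.100.2")
	h.Set(ClientIPHeader, "10.0.0.1")
	if err := AddForwardingHeaders(h, "203.0.113.7:51234", "192.0.2.10"); err != nil {
		panic(err)
	}
	fmt.Println("X-Forwarded-For:", h.Get("X-Forwarded-For")) // forged chain kept, BFE appended
	fmt.Println(ClientIPHeader+":", h.Get(ClientIPHeader))    // 203.0.113.7, forged value gone

	// Backend side: the same headers arriving from a trusted BFE vs. directly from the client.
	r := &http.Request{Header: h, RemoteAddr: "192.0.2.10:40000"}
	trusted := map[string]bool{"192.0.2.10": true}
	fmt.Println("via BFE:", TrustedClientIP(r, trusted))
	r.RemoteAddr = "203.0.113.7:40001"
	fmt.Println("direct:", TrustedClientIP(r, trusted))
}
```

The backend-side check matters because a dedicated header is only as trustworthy as the path it travels: if the backend is reachable without going through BFE, anyone can set X-Bfe-Client-Ip themselves, so the header must be accepted only from the proxy addresses the backend actually trusts.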