我不完全明白我应该如何获得一个远程用户IP地址。
假设我有一个简单的请求路由,如:
app.get(/, function (req, res){
var forwardedIpsStr = req.header('x-forwarded-for');
var IP = '';
if (forwardedIpsStr) {
IP = forwardedIps = forwardedIpsStr.split(',')[0];
}
});
上面的方法是否正确,以获得真实的用户IP地址或有更好的方法? 那么代理呢?
当前回答
添加app.set('信任代理',true) 使用要求。IP或req。Ips和往常一样
其他回答
我为此写了一个包。您可以将其用作表示中间件。我的软件包发布在这里:https://www.npmjs.com/package/express-ip
您可以使用
npm i express-ip
使用
const express = require('express');
const app = express();
const expressip = require('express-ip');
app.use(expressip().getIpInfoMiddleware);
app.get('/', function (req, res) {
console.log(req.ipInfo);
});
如果你在运行一个像NGiNX之类的代理,那么你应该检查'x-forward -for':
var ip = req.headers['x-forwarded-for'] || req.socket.remoteAddress
如果代理不是“你的”,我不会相信“x-forward -for”报头,因为它可能被欺骗。
虽然来自@alessioalex的答案是有效的,但在Express - guide的Express后台代理部分中有另一种方法。
在初始化代码中添加app.set('trust proxy', true)。 当您想要获取远程客户端的ip时,使用req。IP或req。以通常的方式进行Ips(就好像没有反向代理一样)
可选的阅读:
Use req.ip or req.ips. req.connection.remoteAddress does't work with this solution. More options for 'trust proxy' are available if you need something more sophisticated than trusting everything passed through in x-forwarded-for header (for example, when your proxy doesn't remove preexisting x-forwarded-for header from untrusted sources). See the linked guide for more details. If your proxy server does not populated x-forwarded-for header, there are two possibilities. The proxy server does not relay the information on where the request was originally. In this case, there would be no way to find out where the request was originally from. You need to modify configuration of the proxy server first. For example, if you use nginx as your reverse proxy, you may need to add proxy_set_header X-Forwarded-For $remote_addr; to your configuration. The proxy server relays the information on where the request was originally from in a proprietary fashion (for example, custom http header). In such case, this answer would not work. There may be a custom way to get that information out, but you need to first understand the mechanism.
在nginx.conf文件中: proxy_set_header X-Real-IP $remote_addr;
在node.js服务器文件中: Var IP = req。headers['x-real-ip'] || req.connection.remoteAddress;
注意,表示小写头
将所有的witk @kakopappa解决方案加上morgan客户端ip地址的日志记录:
morgan.token('client_ip', function getId(req) {
return req.client_ip
});
const LOG_OUT = ':remote-addr - :remote-user [:date[clf]] ":method :url HTTP/:http-version" :status :res[content-length] ":referrer" ":user-agent" :client_ip'
self.app.use(morgan(LOG_OUT, {
skip: function(req, res) { // custom logging: filter status codes
return res.statusCode < self._options.logging.statusCode;
}
}));
// could-flare, nginx and x-real-ip support
var getIpInfoMiddleware = function(req, res, next) {
var client_ip;
if (req.headers['cf-connecting-ip'] && req.headers['cf-connecting-ip'].split(', ').length) {
var first = req.headers['cf-connecting-ip'].split(', ');
client_ip = first[0];
} else {
client_ip = req.headers['x-forwarded-for'] || req.headers['x-real-ip'] || req.connection.remoteAddress || req.socket.remoteAddress || req.connection.socket.remoteAddress;
}
req.client_ip = client_ip;
next();
};
self.app.use(getIpInfoMiddleware);
