diff --git a/internal/web/actions/default/index/loginutils/utils.go b/internal/web/actions/default/index/loginutils/utils.go index bc36ba32..592565b4 100644 --- a/internal/web/actions/default/index/loginutils/utils.go +++ b/internal/web/actions/default/index/loginutils/utils.go @@ -37,6 +37,10 @@ func RemoteIP(action *actions.ActionObject) string { return ipValue } } + + if securityConfig.ClientIPHeaderOnly { + return "" + } } } diff --git a/internal/web/actions/default/settings/security/index.go b/internal/web/actions/default/settings/security/index.go index 279d6ad5..1b032fe9 100644 --- a/internal/web/actions/default/settings/security/index.go +++ b/internal/web/actions/default/settings/security/index.go @@ -83,6 +83,7 @@ func (this *IndexAction) RunPost(params struct { AllowRememberLogin bool ClientIPHeaderNames string + ClientIPHeaderOnly bool DenySearchEngines bool DenySpiders bool @@ -146,6 +147,7 @@ func (this *IndexAction) RunPost(params struct { // 客户端IP获取方式 config.ClientIPHeaderNames = params.ClientIPHeaderNames + config.ClientIPHeaderOnly = params.ClientIPHeaderOnly // 禁止搜索引擎和爬虫 config.DenySearchEngines = params.DenySearchEngines diff --git a/web/views/@default/settings/security/index.html b/web/views/@default/settings/security/index.html index 84400186..36a85c34 100644 --- a/web/views/@default/settings/security/index.html +++ b/web/views/@default/settings/security/index.html @@ -58,12 +58,19 @@ - 自定义客户端IP报头 + 自定义客户端IP报头
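Review bot: In the utils.go hunk, the new `return ""` under `securityConfig.ClientIPHeaderOnly` is only safe if every caller of `RemoteIP` treats an empty address as a refusal. No caller is visible here, so an allow-list or rate-limit check that skips empty or unparsable IPs would fail open. I would document the contract on the branch, e.g. `// header-only mode: no configured header yielded an IP; callers must reject the request on ""`, and confirm that the login and IP-restriction paths do so. The header values come from whoever connects, so this mode presumably keeps direct clients out only when the listener is reachable solely from the reverse proxy; the setting's help text should say that. RemoteIP begins and ends outside the hunk.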
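Review bot: In the second index.go hunk, `config.ClientIPHeaderOnly = params.ClientIPHeaderOnly` is saved in RunPost without checking that `params.ClientIPHeaderNames` is non-empty. In the utils.go hunk the new check appears to sit inside the block that handles configured header names (inferred from the closing braces). If so, header-only mode with no names would either do nothing or, if it is evaluated, leave every request without an IP. A guard before saving, on the condition `params.ClientIPHeaderOnly && strings.TrimSpace(params.ClientIPHeaderNames) == ""`, that returns the action's usual validation error would keep the stored configuration consistent. RunPost starts and ends outside the hunk.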

可以通过此报头获取客户端IP,类似于X-Forwarded-For X-Real-IP True-Client-IP Client-IP [填入],用于使用反向代理访问管理系统的情形;如果有多个报头可以使用空格隔开。

+ + 仅从自定义报头中获取IP + + +

选中后,表示仅从自定义报头中获取IP,意味着客户端必须使用反向代理访问当前系统,不允许直接访问。

+ + 禁止搜索引擎