服务支持自定义访客IP地址获取方式/对X-Real-IP等Header值进行有效性验证

internal/nodes/http_request.go

@@ -322,6 +322,11 @@ func (this *HTTPRequest) configureWeb(web *serverconfigs.HTTPWebConfig, isTop bo
 		this.web.Root = web.Root
 	}
 
+	// remote addr
+	if web.RemoteAddr != nil && (web.RemoteAddr.IsPrior || isTop) && web.RemoteAddr.IsOn {
+		this.web.RemoteAddr = web.RemoteAddr
+	}
+
 	// charset
 	if web.Charset != nil && (web.Charset.IsPrior || isTop) {
 		this.web.Charset = web.Charset
@@ -505,7 +510,9 @@ func (this *HTTPRequest) Format(source string) string {
 		case "edgeVersion":
 			return teaconst.Version
 		case "remoteAddr":
-			return this.requestRemoteAddr()
+			return this.requestRemoteAddr(true)
+		case "remoteAddrValue":
+			return this.requestRemoteAddr(false)
 		case "rawRemoteAddr":
 			addr := this.RawReq.RemoteAddr
 			host, _, err := net.SplitHostPort(addr)
@@ -761,22 +768,36 @@ func (this *HTTPRequest) addVarMapping(varMapping map[string]string) {
 }
 
 // 获取请求的客户端地址
-func (this *HTTPRequest) requestRemoteAddr() string {
+func (this *HTTPRequest) requestRemoteAddr(supportVar bool) string {
+	if supportVar &&
+		this.web.RemoteAddr != nil &&
+		this.web.RemoteAddr.IsOn &&
+		!this.web.RemoteAddr.IsEmpty() {
+		var remoteAddr = this.Format(this.web.RemoteAddr.Value)
+		if net.ParseIP(remoteAddr) != nil {
+			return remoteAddr
+		}
+	}
+
 	// X-Forwarded-For
 	forwardedFor := this.RawReq.Header.Get("X-Forwarded-For")
 	if len(forwardedFor) > 0 {
 		commaIndex := strings.Index(forwardedFor, ",")
 		if commaIndex > 0 {
-			return forwardedFor[:commaIndex]
+			forwardedFor = forwardedFor[:commaIndex]
+		}
+		if net.ParseIP(forwardedFor) != nil {
+			return forwardedFor
 		}
-		return forwardedFor
 	}
 
 	// Real-IP
 	{
 		realIP, ok := this.RawReq.Header["X-Real-IP"]
 		if ok && len(realIP) > 0 {
-			return realIP[0]
+			if net.ParseIP(realIP[0]) != nil {
+				return realIP[0]
+			}
 		}
 	}
 
@@ -784,7 +805,9 @@ func (this *HTTPRequest) requestRemoteAddr() string {
 	{
 		realIP, ok := this.RawReq.Header["X-Real-Ip"]
 		if ok && len(realIP) > 0 {
-			return realIP[0]
+			if net.ParseIP(realIP[0]) != nil {
+				return realIP[0]
+			}
 		}
 	}
 

internal/nodes/http_request_fastcgi.go

@@ -41,7 +41,7 @@ func (this *HTTPRequest) doFastcgi() (shouldStop bool) {
 	}
 
 	if !env.Has("REMOTE_ADDR") {
-		env["REMOTE_ADDR"] = this.requestRemoteAddr()
+		env["REMOTE_ADDR"] = this.requestRemoteAddr(true)
 	}
 	if !env.Has("QUERY_STRING") {
 		u, err := url.ParseRequestURI(this.uri)

internal/nodes/http_request_log.go

@@ -88,7 +88,7 @@ func (this *HTTPRequest) log() {
 		RequestId:       strconv.FormatInt(this.requestFromTime.UnixNano(), 10) + strconv.FormatInt(atomic.AddInt64(&requestId, 1), 10) + sharedNodeConfig.PaddedId(),
 		NodeId:          sharedNodeConfig.Id,
 		ServerId:        this.Server.Id,
-		RemoteAddr:      this.requestRemoteAddr(),
+		RemoteAddr:      this.requestRemoteAddr(true),
 		RawRemoteAddr:   addr,
 		RemotePort:      int32(this.requestRemotePort()),
 		RemoteUser:      this.requestRemoteUser(),

internal/nodes/http_request_stat.go

@@ -9,6 +9,6 @@ func (this *HTTPRequest) doStat() {
 	}
 
 	// 内置的统计
-	stats.SharedHTTPRequestStatManager.AddRemoteAddr(this.Server.Id, this.requestRemoteAddr())
+	stats.SharedHTTPRequestStatManager.AddRemoteAddr(this.Server.Id, this.requestRemoteAddr(true))
 	stats.SharedHTTPRequestStatManager.AddUserAgent(this.Server.Id, this.requestHeader("User-Agent"))
 }

internal/nodes/http_request_waf.go

@@ -275,7 +275,7 @@ func (this *HTTPRequest) WAFRaw() *http.Request {
 
 // WAFRemoteIP 客户端IP
 func (this *HTTPRequest) WAFRemoteIP() string {
-	return this.requestRemoteAddr()
+	return this.requestRemoteAddr(true)
 }
 
 // WAFGetCacheBody 获取缓存中的Body