From 9f469f5b77eec4c7300895ac9e6fe54c362ecee3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?= Date: Sun, 17 Sep 2023 19:15:10 +0800 Subject: [PATCH] =?UTF-8?q?=E8=AE=BF=E5=AE=A2IP=E8=AE=BE=E7=BD=AE=E4=B8=AD?= =?UTF-8?q?=E6=94=AF=E6=8C=81=E5=A4=9A=E4=B8=AA=E8=AF=B7=E6=B1=82=E6=8A=A5?= =?UTF-8?q?=E5=A4=B4/X-Real-IP=E4=B9=9F=E5=8F=AF=E4=BB=A5=E4=BB=8E?= =?UTF-8?q?=E5=8F=98=E9=87=8F=E4=B8=AD=E8=AF=BB=E5=8F=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- internal/nodes/http_request.go | 48 +++++++++++++++++++++++++--------- 1 file changed, 35 insertions(+), 13 deletions(-) diff --git a/internal/nodes/http_request.go b/internal/nodes/http_request.go index 3130ac3..519e29b 100644 --- a/internal/nodes/http_request.go +++ b/internal/nodes/http_request.go @@ -1171,10 +1171,32 @@ func (this *HTTPRequest) requestRemoteAddr(supportVar bool) string { this.web.RemoteAddr != nil && this.web.RemoteAddr.IsOn && !this.web.RemoteAddr.IsEmpty() { - var remoteAddr = this.Format(this.web.RemoteAddr.Value) - if net.ParseIP(remoteAddr) != nil { - this.remoteAddr = remoteAddr - return remoteAddr + if this.web.RemoteAddr.HasValues() { // multiple values + for _, value := range this.web.RemoteAddr.Values() { + var remoteAddr = this.Format(value) + if len(remoteAddr) > 0 && net.ParseIP(remoteAddr) != nil { + this.remoteAddr = remoteAddr + return remoteAddr + } + } + } else { // single value + var remoteAddr = this.Format(this.web.RemoteAddr.Value) + if len(remoteAddr) > 0 && net.ParseIP(remoteAddr) != nil { + this.remoteAddr = remoteAddr + return remoteAddr + } + } + + // 如果是从Header中读取,则直接返回原始IP + if this.web.RemoteAddr.Type == serverconfigs.HTTPRemoteAddrTypeRequestHeader { + var remoteAddr = this.RawReq.RemoteAddr + host, _, err := net.SplitHostPort(remoteAddr) + if err == nil { + this.remoteAddr = host + return host + } else { + return remoteAddr + } } } @@ -1585,10 +1607,10 @@ func (this *HTTPRequest) setForwardHeaders(header http.Header) { this.RawReq.Header.Set("Connection", "keep-alive") } - remoteAddr := this.RawReq.RemoteAddr - host, _, err := net.SplitHostPort(remoteAddr) + var rawRemoteAddr = this.RawReq.RemoteAddr + host, _, err := net.SplitHostPort(rawRemoteAddr) if err == nil { - remoteAddr = host + rawRemoteAddr = host } // x-real-ip @@ -1596,24 +1618,24 @@ func (this *HTTPRequest) setForwardHeaders(header http.Header) { _, ok1 := header["X-Real-IP"] _, ok2 := header["X-Real-Ip"] if !ok1 && !ok2 { - header["X-Real-IP"] = []string{remoteAddr} + header["X-Real-IP"] = []string{this.requestRemoteAddr(true)} } } // X-Forwarded-For if this.reverseProxy != nil && this.reverseProxy.ShouldAddXForwardedForHeader() { forwardedFor, ok := header["X-Forwarded-For"] - if ok { + if ok && len(forwardedFor) > 0 { // already exists _, hasForwardHeader := this.RawReq.Header["X-Forwarded-For"] if hasForwardHeader { - header["X-Forwarded-For"] = []string{strings.Join(forwardedFor, ", ") + ", " + remoteAddr} + header["X-Forwarded-For"] = []string{strings.Join(forwardedFor, ", ") + ", " + rawRemoteAddr} } } else { var clientRemoteAddr = this.requestRemoteAddr(true) - if len(clientRemoteAddr) > 0 && clientRemoteAddr != remoteAddr { - header["X-Forwarded-For"] = []string{clientRemoteAddr + ", " + remoteAddr} + if len(clientRemoteAddr) > 0 && clientRemoteAddr != rawRemoteAddr { + header["X-Forwarded-For"] = []string{clientRemoteAddr + ", " + rawRemoteAddr} } else { - header["X-Forwarded-For"] = []string{remoteAddr} + header["X-Forwarded-For"] = []string{rawRemoteAddr} } } }