如何正确获取用户 IP （避免透明代理，避免伪造 HTTP_X_FORWARDED_FOR）

说明

217.33.193.179:3128 为透明代理。nginx

11.11.11.11 为用户真实IP（打码）。curl

匿名代理无解，现但愿在用户使用透明代理的状况下，正确获取他的真实IP。url

nginx 相关设置：spa

uwsgi_param   Host                 $host;
uwsgi_param   X-Real-IP            $remote_addr;
uwsgi_param   X-Forwarded-For      $proxy_add_x_forwarded_for;
uwsgi_param   X-Forwarded-Proto    $http_x_forwarded_proto;

CASE 1 仅使用透明代理

curl -x 217.33.193.179:3128 http://test.com

获取的META信息：代理

'HTTP_X_FORWARDED_FOR': '11.11.11.11'
'REMOTE_ADDR': '217.33.193.179'

'X-Real-IP': '217.33.193.179'
'X-Forwarded-For': '11.11.11.11, 217.33.193.179'

CASE 2 使用透明代理加伪造X-Forwarded-For

curl -x 217.33.193.179:3128 -H "X-Forwarded-For:192.168.0.1, 192.168.0.2" http://test.com

获取的META：rem

'HTTP_X_FORWARDED_FOR': '192.168.0.1, 192.168.0.2, 11.11.11.11'
'REMOTE_ADDR': '217.33.193.179'

'X-Real-IP': '217.33.193.179'
'X-Forwarded-For': '192.168.0.1, 192.168.0.2, 11.11.11.11, 217.33.193.179'

CASE3 仅使用伪造X-Forwarded-For

curl -H "X-Forwarded-For:192.168.0.1, 192.168.0.2" http://test.com

获取的META：test

'HTTP_X_FORWARDED_FOR': '192.168.0.1, 192.168.0.2'
'REMOTE_ADDR': '11.11.11.11'

'X-Real-IP': '11.11.11.11'
'X-Forwarded-For': '192.168.0.1, 192.168.0.2, 11.11.11.11'

CASE4 正常访问

curl http://test.com

获取的META:uwsgi

'HTTP_X_FORWARDED_FOR': None
'REMOTE_ADDR': '11.11.11.11'

'X-Real-IP': '11.11.11.11'
'X-Forwarded-For': '11.11.11.11'