测试环境： nginx+resin
IP: 内网：172.16.100.10

客户端IP：123.123.123.123

测试页面： test.jsp
<%
out.println(“x-forwarded-for: ” + request.getHeader(“x-forwarded-for”));
out.println(“remote hosts: ” + request.getRemoteAddr());
%>

nginx 配置一
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

wget测试
wget -O aa –header=”X-Forwarded-For:192.168.0.1″ “http://2hei.net/test.jsp“
页面返回结果：
x-forwarded-for: 192.168.0.1, 123.123.123.123
remote hosts: 172.16.100.10

curl测试
curl -H “X-Forwarded-For:192.168.0.1” “http://2hei.net/test.jsp“
x-forwarded-for: 192.168.0.1, 123.123.123.123
remote hosts: 172.16.100.10

nginx 配置二
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

wget测试：
wget -O aa –header=”X-Forwarded-For:192.168.0.1″ “http://2hei.net/test.jsp“
页面返回结果：
x-forwarded-for: 123.123.123.123
remote hosts: 172.16.100.10

curl测试
curl -H “X-Forwarded-For:192.168.0.1” “http://2hei.net/test.jsp“
x-forwarded-for: 123.123.123.123
remote hosts: 172.16.100.10

测试结果：
1、配置  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
增加了一个真实ip X-Forwarded-For，并且顺序是增加到了“后面”。

2、配置  proxy_set_header X-Forwarded-For $remote_addr;
清空了客户端伪造传入的X-Forwarded-For，
保证了使用request.getHeader(“x-forwarded-for”)获取的ip为真实ip，
或者用“，”分隔，截取X-Forwarded-For最后的值。

本文固定链接: https://www.2hei.net/2010/03/18/nginx-x-forwarded-for/ | 2hei.net