如何使用托管在 Azure Web App 上的 Symfony 4 应用程序获取客户端 IP

Question

I want to log every login attempts on a Web App (Symfony 4.1) hosted on Azure.我想记录 Azure 上托管的 Web 应用程序（Symfony 4.1）上的每次登录尝试。

Based on this question , to get the client IP, I'm using :基于这个问题，为了获取客户端 IP，我正在使用：

// $requestStack being Symfony\Component\HttpFoundation\RequestStack
$ip = $this->requestStack->getMasterRequest()->getClientIp();

However, the logs tell :但是，日志告诉：

[2020-03-10 10:55:56] login_attempt.INFO: User 'username' successfully logged in from ip '172.16.1.1' [] [] [2020-03-10 10:55:56] login_attempt.INFO: 用户 'username' 从 ip '172.16.1.1' [] [] 成功登录

As you can notice, this is a private IP .如您所见，这是一个私有 IP 。 I tried to log in from differents connections, but I'm always getting that IP, 172.16.1.1 .我试图从不同的连接登录，但我总是得到那个 IP， 172.16.1.1 。 Where does this IP come from and how to get the real public IP of the client ?这个IP从哪里来，如何获取客户端的真实公网IP？

Answer 1

That private IP can be a load balancer or a reverse proxy.该私有 IP 可以是负载均衡器或反向代理。

From documentation :从文档：

When you deploy your application, you may be behind a load balancer (eg an AWS Elastic Load Balancing) or a reverse proxy (eg Varnish for caching).当您部署应用程序时，您可能会使用负载均衡器（例如 AWS Elastic Load Balancing）或反向代理（例如用于缓存的 Varnish）。

For the most part, this doesn't cause any problems with Symfony.大多数情况下，这不会对 Symfony 造成任何问题。 But, when a request passes through a proxy, certain request information is sent using either the standard Forwarded header or X-Forwarded-* headers.但是，当请求通过代理时，某些请求信息将使用标准Forwarded标头或X-Forwarded-*标头发送。 For example, instead of reading the REMOTE_ADDR header (which will now be the IP address of your reverse proxy), the user's true IP will be stored in a standard Forwarded: for="..." header or a X-Forwarded-For header .例如，用户的真实 IP 将存储在标准的Forwarded: for="..."标头或X-Forwarded-For ，而不是读取REMOTE_ADDR标头（现在将是您的反向代理的 IP 地址）标题。

If you don't configure Symfony to look for these headers, you'll get incorrect information about the client's IP address, whether or not the client is connecting via HTTPS, the client's port and the hostname being requested.如果您不配置 Symfony 来查找这些标头，您将获得有关客户端 IP 地址的错误信息，无论客户端是否通过 HTTPS 连接，客户端的端口和所请求的主机名。

To fix that, one can add that IP in the trusted proxies of the application.为了解决这个问题，可以在应用程序的受信任代理中添加该 IP。

In Symfony 4, this can be done this way :在 Symfony 4 中，这可以通过以下方式完成：

// index.php

// creates the $_SERVER['TRUSTED_PROXIES'] entry if it doesn't exist/is empty with the IP of the proxy to trust as value
// or append ',the ip' to the existing entry
$_SERVER['TRUSTED_PROXIES'] = (empty($_SERVER['TRUSTED_PROXIES']) ? '' : ($_SERVER['TRUSTED_PROXIES'] . ',')) . '172.16.1.1';

// This is already in index.php, just let it doing its job
if ($trustedProxies = $_SERVER['TRUSTED_PROXIES'] ?? false) {
    Request::setTrustedProxies(explode(',', $trustedProxies), Request::HEADER_X_FORWARDED_ALL ^ Request::HEADER_X_FORWARDED_HOST);
}

And now, in the logs :现在，在日志中：

[2020-03-10 13:09:06] login_attempt.INFO: User 'username' successfully logged in from ip ' the public ip address ' [] [] [2020-03-10 13:09:06] login_attempt.INFO：用户'username'从ip'公共ip地址'成功登录[][]

如何使用托管在 Azure Web App 上的 Symfony 4 应用程序获取客户端 IP

问题描述

1 个解决方案

解决方案1
2 已采纳 2020-03-10 12:46:11

如何使用托管在 Azure Web App 上的 Symfony 4 应用程序获取客户端 IP

问题描述

1 个解决方案

解决方案1 2 已采纳 2020-03-10 12:46:11

解决方案1
2 已采纳 2020-03-10 12:46:11