使用防火牆Phpwind 網站如何獲取用戶的真實IP?

使用WAF後,用戶訪問網站的是通過WAF服務器間接訪問網站服務器的,Phpwind論壇可能會在獲取用戶IP時,直接獲取WAF的IP,而不能直接獲取到用戶的真實IP,在此提出一些解決方案。

phpwind 8.7按照如下代碼,修改1個文件即可(9.0參照下文):
1、修改 /require/common.php搜索“HTTP_CLIENT_IP”,找到如下代碼。


function pwGetIp() { global $pwServer, $db_xforwardip; if ($db_xforwardip) { if ($pwServer['HTTP_X_FORWARDED_FOR'] && $pwServer['REMOTE_ADDR']) { if (strstr($pwServer['HTTP_X_FORWARDED_FOR'], ',')) { $x = explode(',', $pwServer['HTTP_X_FORWARDED_FOR']); $pwServer['HTTP_X_FORWARDED_FOR'] = trim(end($x)); } if (preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}$/', $pwServer['HTTP_X_FORWARDED_FOR'])) {return $pwServer['HTTP_X_FORWARDED_FOR'];} } elseif ($pwServer['HTTP_CLIENT_IP'] && preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}$/', $pwServer['HTTP_CLIENT_IP'])) {return $pwServer['HTTP_CLIENT_IP'];} } $db_xforwardip = 0; if (preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}$/', $pwServer['REMOTE_ADDR'])) {return $pwServer['REMOTE_ADDR'];} return 'Unknown';}

2、將其修改為如下代碼,即刪除上面代碼中的第十行除第一個"}"外,以及刪除第13行內容:



function pwGetIp() { global $pwServer, $db_xforwardip; $ip = $_SERVER['REMOTE_ADDR']; if (isset($_SERVER['HTTP_X_REAL_FORWARDED_FOR']) && preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}$/', $_SERVER['HTTP_X_REAL_FORWARDED_FOR'])) { $ip = $_SERVER['HTTP_X_REAL_FORWARDED_FOR']; } elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}$/', $_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } elseif (isset($_SERVER['HTTP_CLIENT_IP']) && preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}$/', $_SERVER['HTTP_CLIENT_IP'])) { $ip = $_SERVER['HTTP_CLIENT_IP']; } return $ip;}


phpwind 9.0按照如下代碼,修改1個文件即可:
1、打開 "/src/aCloud/system/core/ACloudSysCoreCommon.php",修改前建議備份本文件。
2、查找“get_Ip()”,找到如下代碼:


public static function getIp() { static $ip = null; if (! $ip) { if (isset ( $_SERVER ['HTTP_X_FORWARDED_FOR'] ) && $_SERVER ['HTTP_X_FORWARDED_FOR'] && $_SERVER ['REMOTE_ADDR']) { if (strstr ( $_SERVER ['HTTP_X_FORWARDED_FOR'], ',' )) { $x = explode ( ',', $_SERVER ['HTTP_X_FORWARDED_FOR'] ); $_SERVER ['HTTP_X_FORWARDED_FOR'] = trim ( end ( $x ) ); } if (preg_match ( '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/', $_SERVER ['HTTP_X_FORWARDED_FOR'] )) { $ip = $_SERVER ['HTTP_X_FORWARDED_FOR']; } } elseif (isset ( $_SERVER ['HTTP_CLIENT_IP'] ) && $_SERVER ['HTTP_CLIENT_IP'] && preg_match ( '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/', $_SERVER ['HTTP_CLIENT_IP'] )) { $ip = $_SERVER ['HTTP_CLIENT_IP']; } if (! $ip && preg_match ( '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/', $_SERVER ['REMOTE_ADDR'] )) { $ip = $_SERVER ['REMOTE_ADDR']; } ! $ip && $ip = 'Unknown'; } return $ip; }

3、將以上代碼修改為:


public static function getIp() { $ip = $_SERVER['REMOTE_ADDR']; if (isset($_SERVER['HTTP_X_REAL_FORWARDED_FOR']) && preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}$/', $_SERVER['HTTP_X_REAL_FORWARDED_FOR'])) { $ip = $_SERVER['HTTP_X_REAL_FORWARDED_FOR']; } elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}$/', $_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip = $_SERVER['HTTP_X_FORWARDED_FOR']; } elseif (isset($_SERVER['HTTP_CLIENT_IP']) && preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}$/', $_SERVER['HTTP_CLIENT_IP'])) { $ip = $_SERVER['HTTP_CLIENT_IP']; } return $ip;}
  • 0 Kasutajad peavad seda kasulikuks
Kas see vastus oli kasulik?

Seotud artiklid

測試您的網站是否有惡意程式

Urlvoid.com 是  NoVirusThanks  這家公司發展的免費服務, 提供了20幾個偵測引擎來偵測網站的安全性,是否有惡意程式值入網站。網址:...

VPS、實體主機的代管與非代管之意義為?

代管服務僅對於客戶主機使用cPanel 或 Plesk...

停用網頁裡的Javascript看Java是否造成網頁瀏覽變慢的主因?!

現在的網站,大都使用了Javascript語言來增加廣告收益或者是網頁特效,但過多的Javascript會造成網頁開啟速度變慢、用戶端CPU及記憶體的消耗,為了檢測是網站主機的速度或者是第三方主...

去除Discuz7.0有無新帖版塊圖標

打開模板文件 css_common.htm,找到如下代碼: .list th { background: url({IMGDIR}/forum.gif) 5px 10px no-repeat;...

如果伺服器架美國,台灣人是否就無法設計以及進行架網?

做網頁為何一定要架設伺服器呢? 網頁+空間=線上瀏覽的網站...

Powered by WHMCompleteSolution