Coffeenix (커피닉스), a resting place for system engineers: *NIX with the aroma of coffee

  Changing the proxy IP to the real IP in Apache    Posted: 2010/03/03 19:14
 
  • Author: 좋은진호 ( http://coffeenix.net/ )
  • Views: 28595
    Title    : Changing the proxy IP to the real IP in Apache
    Author   : 좋은진호 (truefeel, http://coffeenix.net/ )
    Written  : 2010.2.25 (Thu)
    Modified : 2015.3.3 (Tue) changed the mod_rpaf download URL, etc.
    Modified : 2015.3.10 (Tue) added nginx configuration

    When a proxy server is placed in front of the web server, or an appliance such as Citrix NetScaler is used, the web server sees every connection as coming from the IP of the proxy server or appliance.
    As a result, web applications treat the IP of the front-end proxy server, not the 'real client IP', as the requesting IP. The web log likewise records the IP of the proxy server or appliance.

     
    Client IP -> proxy server or appliance -> web server
     


    In this situation, by extracting the client IP from the X-Forwarded-For HTTP header (or an arbitrarily chosen header),
    1) the web application can learn the IP of the client that actually made the request, and
    2) that IP can also be recorded in the web log.

    The following is an example LogFormat configuration in Apache. The first line is the combined format provided by default; the second line is a format that replaces the IP field with the IP information from the X-Forwarded-For header.

     
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" realiplog

    CustomLog "...omitted..." realiplog
     


    However, even with the second LogFormat line configured, the error log still records the proxy IP when an error occurs. In addition, a web application that needs the client IP has the inconvenience of checking X-Forwarded-For every time.


    1. What the mod_rpaf module does

     * Role of the mod_rpaf module

    It converts the proxy server IP or appliance IP -> into the IP carried in a header such as X-Forwarded-For and passes it to the web server.
     


    The mod_rpaf module for Apache solves the problem cleanly. The module extracts the value of the X-Forwarded-For header (the header name can be changed), which holds the client IP, replaces the requesting IP (REMOTE_ADDR) with it, and passes it to the web server. Because the real client IP is passed on, web programming becomes easier. There is also no need to change the LogFormat configuration, and the error log records the real client IP as well.


    1) Without the mod_rpaf module
       Client IP (192.168.123.123) -> proxy server (10.10.123.3) -> the web server sees the connection as coming from 10.10.123.3
    2) With the mod_rpaf module
       Client IP (192.168.123.123) -> proxy server (10.10.123.3) -> the web server sees the connection as coming from 192.168.123.123


    2. Installing the mod_rpaf module (on apache 2.x)

    1) On Linux

    Download the module source from https://github.com/y-ken/mod_rpaf (apache 2.0 or 2.2) or https://github.com/gnif/mod_rpaf (supports apache 2.4), then compile it with Apache's apxs command. (See the respective page for installation instructions.)

     
    # apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
     


    Configure the module to be loaded.

     LoadModule rpaf_module        modules/mod_rpaf-2.0.so
     


    2) On FreeBSD

    It is provided through ports, so installation is simple. If you are using apache 2.2, you may get an error such as ap24-mod_rpaf2-0.6_3 is marked as broken: : Error from bsd.apache.mk. apache22 is installed ... In that case, add DEFAULT_VERSIONS+=apache=2.2 to /etc/make.conf and compile.

     
    # cd /usr/ports/www/mod_rpaf2/
    # make install clean
     


    Configure the module to be loaded.

     LoadModule rpaf_module        libexec/apache22/mod_rpaf.so
     



    3. mod_rpaf configuration

    The following is an example Apache configuration.

     
    RPAFenable On
    RPAFsethostname On
    RPAFproxy_ips 10.10.123.3
    RPAFheader X-Forwarded-For
     


    ※ Note that if you installed the module from https://github.com/gnif/mod_rpaf, the directive names are slightly different.
     RPAFenable      -> RPAF_Enable
    RPAFproxy_ips   -> RPAF_ProxyIPs
    RPAFheader      -> RPAF_Header
    RPAFsetHostname -> RPAF_SetHostName
     


    - If RPAFsethostname is On, the request hostname is replaced with the value of the X-Host header.
    - RPAFproxy_ips lists the proxy server IPs or appliance IPs. Separate multiple entries with spaces. When a connection comes from an IP listed here, it is replaced with the client IP given in the HTTP header.
    - RPAFheader specifies the name of the HTTP header that contains the client's real IP. The default is X-Forwarded-For.

    With the configuration above, when the IP connecting to the web server is identified as 10.10.123.3 (that is, the proxy server or appliance IP), it is replaced with the client IP from the X-Forwarded-For header before being passed on. In PHP, $_SERVER['REMOTE_ADDR'] becomes the real client IP, and if an X-Host header value is present, the $_SERVER['HTTP_HOST'] variable changes as well.

    Example 1) When the IP connecting to the web server is 10.10.123.3 (that is, the proxy server or appliance IP) and the X-Forwarded-For header is 111.111.111.1, the logs are written as follows.

     
    1) access log
    111.111.111.1 - - [01/Feb/2010:08:26:48 +0900] "GET / HTTP/1.1" 200 25276 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2) Gecko/20100125 Ubuntu/9.04 (jaunty) Firefox/3.6"

    2) error log
    [Mon Feb 01 11:31:46 2010] [error] [client 111.111.111.1] File does not exist: /home/cnx/public_html/a.html
     


    Example 2) When the IP connecting to the web server is 222.222.222.2 (an IP not configured in RPAFproxy_ips) and the X-Forwarded-For header is 111.111.111.1, the IP is logged as is, without conversion.

     
    222.222.222.2 - - [01/Feb/2010:08:26:48 +0900] "GET / HTTP/1.1" 200 25276 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2) Gecko/20100125 Ubuntu/9.04 (jaunty) Firefox/3.6"
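
    The decision behind examples 1 and 2, written out as a small Python function. This is an added example, not code from mod_rpaf or from the original article; `effective_client_ip` and its parameters are hypothetical names, and the right-to-left walk over a header with several entries goes beyond the single-IP case in the text.

```python
import ipaddress

# Constructed sample value: the proxy IP used in the article's examples,
# i.e. what RPAFproxy_ips would list.
TRUSTED_PROXIES = ["10.10.123.3"]

def _parse_ip(text):
    """Return an ip_address object, or None if text is not a valid IP."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def effective_client_ip(peer_ip, header_value, trusted=TRUSTED_PROXIES):
    """Decide which IP to treat as the client (hypothetical helper).

    peer_ip      -- address of the TCP connection the web server accepted
    header_value -- raw X-Forwarded-For (or Client-IP) header, may be None
    trusted      -- proxy/appliance IPs or CIDR ranges allowed to set it
    """
    nets = [ipaddress.ip_network(t, strict=False) for t in trusted]

    def is_trusted(ip):
        return any(ip in net for net in nets)

    peer = _parse_ip(peer_ip)
    if peer is None:
        raise ValueError("peer address must be a valid IP")
    # Example 2: the peer is not a listed proxy, so the header is plain
    # client-supplied data and is ignored.
    if not is_trusted(peer) or not header_value:
        return str(peer)

    # Walk the comma-separated chain right to left. The rightmost entries
    # were appended by our own proxies; the first untrusted one is the client.
    candidate = peer
    for hop in reversed(header_value.split(",")):
        ip = _parse_ip(hop)
        if ip is None:          # malformed entry: stop at the last good value
            break
        candidate = ip
        if not is_trusted(ip):
            break
    return str(candidate)
```

    The header is honoured only when the connection itself comes from a listed proxy, so RPAFproxy_ips (or set_real_ip_from in nginx) should contain only addresses you operate. Anything left of the first untrusted entry in the header was supplied by the client and is never used.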
     



    4. When 'Use Source IP' is not used on Citrix NetScaler

    Clicking System -> Settings -> Modes shows the 'Use Source IP' setting.

    1) If it is checked, the IP of the client (PC) that actually connected is passed unchanged to the web server behind the appliance. Nothing needs to be done on the web server.
    2) If it is unchecked, the IP of the Citrix appliance is passed on. In this case the client's real IP is carried in the designated header. On Citrix NetScaler, the name of the header that carries the client IP is set as follows.

     
    set service -cip ENABLED Client-IP
     


    The Apache configuration is the same as above. Put the Citrix appliance IP in RPAFproxy_ips and the HTTP header name configured on the Citrix appliance in RPAFheader.

     
    RPAFenable On
    RPAFsethostname On
    RPAFproxy_ips 10.10.123.3
    RPAFheader Client-IP
     


    5. On nginx

     
    set_real_ip_from  10.10.10.10;
    real_ip_header    X-Forwarded-For;
     


    For the detailed configuration, read the section '4. Logging the client IP instead of the proxy IP in the web server log' in the following article.

    * Load balancing (LB, redundancy) with HAProxy (by 좋은진호, 2015.3)
      http://coffeenix.net/board_view.php?bd_code=1771


    6. References

    * reverse proxy add forward module for Apache (mod_rpaf)
      https://github.com/gnif/mod_rpaf (supports apache 2.4)
      https://github.com/y-ken/mod_rpaf
      http://stderr.net/apache/rpaf/ (not reachable as of 2015.2)
    * FreeBSD: mod_rpaf
      http://www.freebsdsoftware.org/www/mod_rpaf.html

    * X-Forwarded-For
      http://en.wikipedia.org/wiki/X-Forwarded-For

    * Custom Header Module for Apache 2.x to Process Client IP Address
      http://support.citrix.com/article/CTX109555
    * How to rewrite HTTP Headers with Client IP
      http://community.citrix.com/display/ns/How+to+rewrite+HTTP+Headers+with+Client+IP