Log::info("event.login.header", request()->header());
I can't get the client's real IP using $ip = request()->getRealIp();
{
"x-forwarded-for": "240e:445:5c04:8547:7900:6efe:e86d:4312, 172.70.91.232",
"x-real-ip": "172.70.91.232",
"connection": "close",
"content-length": "102",
"accept-encoding": "gzip, br",
"cf-ray": "8a10d0aabd00368f-LHR",
"x-forwarded-proto": "https",
"cf-visitor": "{\"scheme\":\"https\"}",
"sec-ch-ua": "\"Not/A)Brand\";v=\"8\", \"Chromium\";v=\"126\", \"Google Chrome\";v=\"126\"",
"accept-language": "zh_CN",
"authori-zation": "null",
"sec-ch-ua-mobile": "?0",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36",
"content-type": "application/json;charset=UTF-8",
"accept": "application/json, text/plain, */*",
"sec-ch-ua-platform": "\"Windows\"",
"sec-fetch-site": "same-origin",
"sec-fetch-mode": "cors",
"sec-fetch-dest": "empty",
"priority": "u=1, i",
"cookie": "PHPSID=b96eec4da09bd941cb5c59482b095a5e",
"cf-connecting-ip": "240e:445:5c04:8547:7900:6efe:e86d:4312",
"cdn-loop": "cloudflare",
"cf-ipcountry": "CN"
}
$_SERVER['HTTP_X_FORWARDED_FOR'] should be the real one.
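request()->getRealIp() works by first getting the client IP at the TCP layer. If that client IP is a private (intranet) IP, the request must have been forwarded by a load balancer, so it then tries to read fields such as x-real-ip from the HTTP headers as the real IP.
If a CDN is in use, the client IP obtained at the TCP layer is the CDN server's public IP. Because that is not a private IP, it is treated directly as the real client IP. webman cannot tell whether you are using a CDN, so it cannot take the real IP from the HTTP headers, because they may be forged.
If you use a CDN and trust the x-real-ip field in the HTTP headers, you should use $request->header('x-real-ip'); to get the client IP.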
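An added example, not part of the thread and not webman's own code: one way to read forwarding headers only when the TCP peer is a proxy you operate or trust, walking x-forwarded-for from right to left past trusted hops. The function names, the peer address 127.0.0.1 and the trusted CIDR list are assumptions; a real list would come from your own proxies and your CDN's published ranges.

```php
<?php
// Added example (not webman code). Names and the proxy list are assumptions.
/** True if $ip lies inside $cidr; works for IPv4 and IPv6. */
function ipInCidr(string $ip, string $cidr): bool
{
    [$net, $len] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // invalid address or address-family mismatch
    }
    $max   = strlen($ipBin) * 8;
    $bits  = $len === null ? $max : max(0, min($max, (int)$len));
    $bytes = intdiv($bits, 8);
    if (strncmp($ipBin, $netBin, $bytes) !== 0) {
        return false; // whole-byte part of the prefix differs
    }
    $rem = $bits % 8;
    if ($rem === 0) { return true; }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // remaining high bits of the prefix
    return (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}
function isTrustedProxy(string $ip, array $cidrs): bool
{
    foreach ($cidrs as $cidr) {
        if (ipInCidr($ip, $cidr)) { return true; }
    }
    return false;
}

/** Resolve the client IP from the TCP peer address and X-Forwarded-For. */
function resolveClientIp(string $peerIp, string $xff, array $trusted): string
{
    if (!isTrustedProxy($peerIp, $trusted)) {
        return $peerIp; // direct connection: headers are client-controlled
    }
    // Walk right to left: each trusted hop appended the address it saw.
    foreach (array_reverse(array_map('trim', explode(',', $xff))) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) { break; }
        if (!isTrustedProxy($hop, $trusted)) { return $hop; }
        $peerIp = $hop; // hop is one of our proxies, keep walking
    }
    return $peerIp;
}

$trusted = ['127.0.0.1/32', '172.64.0.0/13']; // constructed sample list
$xff = '240e:445:5c04:8547:7900:6efe:e86d:4312, 172.70.91.232'; // from the dump
// Assumed peer 127.0.0.1 (local reverse proxy): header chain is used.
echo resolveClientIp('127.0.0.1', $xff, $trusted), PHP_EOL;
// Constructed untrusted peer: its X-Forwarded-For value is ignored.
echo resolveClientIp('203.0.113.9', '198.51.100.7', $trusted), PHP_EOL;
```

In webman the two inputs would come from `$request->getRemoteIp()` and `$request->header('x-forwarded-for')`.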