Safe3 / uuWAF

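An industry-leading free, high-performance, AI and semantic technology web application and API security protection product - uuWAF. An industrial-grade, free, high-performance, highly extensible web application and API security protection product with AI and semantic engine support - 南墙. Web application firewall, WAF, WAAP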
https://waf.uusec.com

Unable to obtain the real IP address after DNS resolution through Cloudflare #47

Closed vvvsrx closed 5 months ago

vvvsrx commented 5 months ago

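The domain's DNS resolution is provided by Cloudflare and is fully proxied by Cloudflare. I found that no matter how I configure it, I cannot obtain the user's real IP; I can only get the Cloudflare server's IP.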

x-forwarded-proto: https
cf-visitor: {"scheme":"https"}
cf-connecting-ip: 1.1.1.1
referer: https://x.x.net/
host: x.x.net
accept-encoding: gzip
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0
sec-ch-ua-mobile: ?0
accept-language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
x-forwarded-for: 1.1.1.1
sec-ch-ua-platform: "macOS"
sec-ch-ua: "Not_A Brand";v="8", "Chromium";v="120", "Microsoft Edge";v="120"
accept: */*
sec-fetch-site: same-origin
cdn-loop: cloudflare
sec-fetch-mode: no-cors
cf-ipcountry: TW
sec-fetch-dest: script
cf-ray: 8619d19d8f272113-HKG

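The user's actual IP is in cf-connecting-ip. Although I can see that the IP in x-forwarded-for is correct, uuwaf cannot obtain it either. I have confirmed that the settings are correct. I hope this can be resolved.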

vvvsrx commented 5 months ago

Resolved after upgrading to the latest version.

Safe3 commented 5 months ago

Yes, the latest version supports obtaining it from a custom header; traffic that goes through Cloudflare can get it from the cf-connecting-ip header.
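An added example, not part of the original thread and not uuWAF's own code: reading the client IP from a custom header such as cf-connecting-ip is only safe when the TCP peer is one of the proxy's own addresses, since a client connecting directly to the origin can set that header itself. The function names and the short trusted-range list below are assumptions for illustration; the peer and client addresses in the demo are constructed.

```python
import ipaddress

# Illustrative subset of Cloudflare's published edge ranges (assumption:
# a real deployment loads the full, current list from cloudflare.com/ips).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "104.16.0.0/13", "172.64.0.0/13", "2606:4700::/32",
)]


def _parse_ip(value):
    """Return an ip_address object, or None if the value is not a valid IP."""
    try:
        return ipaddress.ip_address(value.strip())
    except (ValueError, AttributeError):
        return None


def is_trusted_proxy(peer_addr):
    """True when the TCP peer address falls inside a trusted proxy range."""
    ip = _parse_ip(peer_addr)
    return ip is not None and any(
        ip in net for net in TRUSTED_PROXIES if net.version == ip.version
    )


def resolve_client_ip(peer_addr, headers, header_name="cf-connecting-ip"):
    """Return (client_ip, source), where source is the header name or 'peer'.

    The header is honoured only if the connection came from a trusted proxy
    and the header value parses as a single IP address.
    """
    if not is_trusted_proxy(peer_addr):
        return peer_addr, "peer"          # direct hit on the origin: ignore header
    lowered = {k.lower(): v for k, v in headers.items()}
    candidate = _parse_ip(lowered.get(header_name.lower(), ""))
    if candidate is None:
        return peer_addr, "peer"          # missing or malformed header value
    return str(candidate), header_name.lower()


if __name__ == "__main__":
    # Constructed requests, using header names from the issue above.
    hdrs = {"CF-Connecting-IP": "1.1.1.1", "X-Forwarded-For": "1.1.1.1"}
    print(resolve_client_ip("172.64.1.10", hdrs))   # arrived via the proxy
    print(resolve_client_ip("203.0.113.7", hdrs))   # direct, header is spoofable
```

Restricting the origin's firewall to the proxy's ranges closes the direct path entirely; the check above is the fallback when that is not in place.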