Discuz网站如何获取用户的真实IP?

 
DISCUZ论坛如需启用论坛自带的CC防护,请按照如下配置。
使用WAF后,用户访问网站的是通过WAF服务器间接访问网站服务器的,Discuz论坛可能会在获取用户IP时,直接获取WAF的IP,而不能直接获取到用户的真实IP,在此提出一些解决方案。
 

解决方法(DZ X2):

1、打开DZ /source/class/class_core.php 文件。
2、找到第341行,或者搜索“HTTP_CLIENT_IP”,找到如下代码:
function _get_client_ip() {                $ip = $_SERVER['REMOTE_ADDR'];                if (isset($_SERVER['HTTP_CLIENT_IP']) && preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}$/', $_SERVER['HTTP_CLIENT_IP'])) {                        $ip = $_SERVER['HTTP_CLIENT_IP'];                } elseif(isset($_SERVER['HTTP_X_FORWARDED_FOR']) AND preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s', $_SERVER['HTTP_X_FORWARDED_FOR'], $matches)) {                        foreach ($matches[0] AS $xip) {                                if (!preg_match('#^(10|172\.16|192\.168)\.#', $xip)) {                                        $ip = $xip;                                        break;                                }                        }                }                return $ip;        }
3、将以上代码修改为:
function _get_client_ip() {                $ip = $_SERVER['REMOTE_ADDR'];                   if (isset($_SERVER['HTTP_X_REAL_FORWARDED_FOR']) && preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}$/', $_SERVER['HTTP_X_REAL_FORWARDED_FOR'])) {                        $ip = $_SERVER['HTTP_X_REAL_FORWARDED_FOR'];                }                  elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}$/', $_SERVER['HTTP_X_FORWARDED_FOR'])) {                        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];                }                 elseif (isset($_SERVER['HTTP_CLIENT_IP']) && preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}$/', $_SERVER['HTTP_CLIENT_IP'])) {                        $ip = $_SERVER['HTTP_CLIENT_IP'];                }                return $ip;        }
 

解决方法(DZ X2.5):

1、打开文件\source\class\discuz\discuz_application.php 找到如下代码:。
private function _get_client_ip() {                $ip = $_SERVER['REMOTE_ADDR'];                if (isset($_SERVER['HTTP_CLIENT_IP']) && preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}$/', $_SERVER['HTTP_CLIENT_IP'])) {                        $ip = $_SERVER['HTTP_CLIENT_IP'];                } elseif(isset($_SERVER['HTTP_X_FORWARDED_FOR']) AND preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s', $_SERVER['HTTP_X_FORWARDED_FOR'], $matches)) {                        foreach ($matches[0] AS $xip) {                                if (!preg_match('#^(10|172\.16|192\.168)\.#', $xip)) {                                        $ip = $xip;                                        break;                                }                        }                }                return $ip;        }
3、将以上代码修改为:
private function _get_client_ip() {                $ip = $_SERVER['REMOTE_ADDR'];                   if (isset($_SERVER['HTTP_X_REAL_FORWARDED_FOR']) && preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}$/', $_SERVER['HTTP_X_REAL_FORWARDED_FOR'])) {                        $ip = $_SERVER['HTTP_X_REAL_FORWARDED_FOR'];                }                  elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}$/', $_SERVER['HTTP_X_FORWARDED_FOR'])) {                        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];                }                 elseif (isset($_SERVER['HTTP_CLIENT_IP']) && preg_match('/^([0-9]{1,3}\.){3}[0-9]{1,3}$/', $_SERVER['HTTP_CLIENT_IP'])) {                        $ip = $_SERVER['HTTP_CLIENT_IP'];                }                return $ip;        }		
以上操作后,登陆你的Discuz!论坛后台分别清除缓存即可。
 

Discuz! 3.0 可以参照 Discuz! 2.5。

你可能感兴趣的:(Discuz,阿里云,Linux)