While troubleshooting a log recently, I unexpectedly found that a visitor's IP sometimes shows up in http_x_forwarded_for. By rights it should be in remote_addr. The UA also looked rather odd:

"http_user_agent":"Mozilla/5.0 (iPhone; CPU iPhone OS 14_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 SP-engine/2.26.0 baiduboxapp/12.6.0.11 (Baidu; P2 14.4)"

A quick search online showed that the Baidu browser is acting as a man in the middle. And the request is HTTPS, which normally cannot be intercepted, so I guess the Baidu browser made its own certificate, and its browser then automatically trusts its own self-signed certificate.

A normal request:

{"@timestamp":"2022-02-06T18:30:51+00:00","request_uuid":"41a3a6be-38d1-4a0a-ba8cx","origin_country":"CN","origin_city":"Changzhou","origin_latitude":"31.77360","origin_longitude":"119.95400","origin_asn":"4134","host":"xxx","server":"hnd-kodd","remote_addr":"49.78.204.x","remote_user":"","request":"GET /favicon.ico HTTP/2.0","status": "404","bytes_received":"0","request_length":"327","bytes_sent":"757","upstream_bytes_sent":"0","upstream_bytes_received":"0","upstream_cache_status":"HIT","upstream_addr":"","upstream_connect_time":"0","upstream_header_time":"0","upstream_response_time":"0","upstream_status":"0","request_time":"0.000","http_referrer":"https://xxx","http_user_agent":"Mozilla/5.0 (Linux; Android 7.1.2; T88Q Build/N2G47H; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/52.0.2743.100 Mobile Safari/537.36","http_x_forwarded_for":"","request_id":"9acc43ea22b9dd708b6e6dxxx"}

A request relayed through the Baidu browser's middleman:

{"@timestamp":"2022-02-06T18:25:41+00:00","request_uuid":"df98136a-9c78-4ce1-b283-9c1458e6c","origin_country":"CN","origin_city":"Unknow","origin_latitude":"34.77320","origin_longitude":"113.72200","origin_asn":"134770","host":"","server":"xxx","remote_addr":"180.97.79.x","remote_user":"","request":"GET /f/ HTTP/2.0","status": "302","bytes_received":"0","request_length":"423","bytes_sent":"434","upstream_bytes_sent":"685","upstream_bytes_received":"443","upstream_cache_status":"MISS","upstream_addr":"x.x.x.x:443","upstream_connect_time":"0.347","upstream_header_time":"0.459","upstream_response_time":"0.459","upstream_status":"302","request_time":"0.460","http_referrer":"http://xxx/","http_user_agent":"Mozilla/5.0 (iPhone; CPU iPhone OS 14_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 SP-engine/2.26.0 baiduboxapp/12.6.0.11 (Baidu; P2 14.4)","http_x_forwarded_for":"49.78.204.x,49.78.204.x","request_id":"a77757548756eaf1f1cx"}

Someone online has already analyzed this.
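For anyone who wants to recover the visitor address from logs like the two above, here is an added example (not part of the original post) that only believes http_x_forwarded_for when remote_addr is a proxy you have verified. The TRUSTED_PROXIES range and all sample lines are constructed placeholders using documentation addresses, and it assumes the proxy appends the peer address to the header in the conventional way.

```python
import ipaddress
import json

# Assumption: CIDR ranges you have verified as the proxy's egress addresses.
# 203.0.113.0/24 is a documentation range standing in for the real list.
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample lines, reduced to the three fields the post compares.
SAMPLE_LOG = """\
{"remote_addr":"198.51.100.7","http_user_agent":"Mozilla/5.0 (Linux; Android 7.1.2) Chrome/52.0","http_x_forwarded_for":""}
{"remote_addr":"203.0.113.9","http_user_agent":"Mozilla/5.0 (iPhone) baiduboxapp/12.6.0.11","http_x_forwarded_for":"198.51.100.7,198.51.100.7"}
{"remote_addr":"192.0.2.50","http_user_agent":"curl/7.79","http_x_forwarded_for":"10.0.0.1"}
{"remote_addr":"203.0.113.9","http_user_agent":"Mozilla/5.0 baiduboxapp/12.6.0.11","http_x_forwarded_for":"198.51.100.8, not-an-ip"}
"""

def is_trusted(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)

def classify(entry):
    """Return (client_ip, verdict) for one parsed log entry."""
    peer = entry["remote_addr"]
    raw = entry.get("http_x_forwarded_for", "")
    xff = [h.strip() for h in raw.split(",") if h.strip()]
    if not xff:
        return peer, "direct"
    # The User-Agent is ignored on purpose: it is as forgeable as the header.
    if not is_trusted(peer):
        return peer, "untrusted-xff"  # header came from an unknown peer
    # Walk right to left: the rightmost hop was added nearest to this server.
    for hop in reversed(xff):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            return peer, "malformed-xff"
        if not is_trusted(str(ip)):
            return str(ip), "proxied"
    return peer, "proxied"  # every listed hop is itself a trusted proxy

def analyze(text):
    return [classify(json.loads(l)) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for client, verdict in analyze(SAMPLE_LOG):
        print(f"{verdict:14} {client}")
```
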