使用app.set设置信任代理 [英] Using app.set to set trust proxy

问题描述

设置应用程序变量trust proxy时，app.set中的第二个参数是否表示服务器信任所有从127.0.0.1或TO 127.0.0.1发出的请求?

When setting the application variable trust proxy, does the second argument in app.set mean that the server trusts all the requests FROM 127.0.0.1 or TO 127.0.0.1?

例如:

app.set('trust proxy', 'loopback');

// or
app.set('trust proxy', '127.0.0.1');

然后

var sess = {
    proxy: true
     cookie: {
      httpOnly: true,
      secure: true
    }
}

根据文档，第二种类型允许使用几种值参数:

According to the documentation, several types of value are allowed as the second argument:

布尔值

如果为true，则将客户端的IP地址理解为最左侧的条目 在X-Forwarded- *标头中.

Boolean

If true, the client’s IP address is understood as the left-most entry in the X-Forwarded-* header.

如果为假，则该应用被理解为直接面向互联网，并且 客户的IP地址来自req.connection.remoteAddress. 这是默认设置.

If false, the app is understood as directly facing the Internet and the client’s IP address is derived from req.connection.remoteAddress. This is the default setting.

一个IP地址，子网或IP地址和子网的阵列 相信.以下列表显示了预先配置的子网名称

An IP address, subnet, or an array of IP addresses and subnets to trust. The following list shows the pre-configured subnet names

推荐答案

我相信这将用于入站请求(即 from 127.0.0.1).

I believe this would be for inbound requests (i.e., from 127.0.0.1).

您链接到的文档是关于在代理后面运行Express应用程序的.当请求到达代理服务器时，代理服务器将请求路由到应用程序，应用程序将看到代理服务器的IP地址，而不是原始客户端的IP地址.

The documentation you linked to is talking about running an Express app behind a proxy. When the requests hit the proxy, the proxy routs the requests to the app, and the app sees the proxy's IP address instead of the original client's IP address.

如文档所述，设置trust proxy通过忽略代理的IP地址(以一种或另一种方式)解决了该问题.

Setting trust proxy fixes that problem by ignoring the proxy's IP address (in one way or another), as the documentation explains.

这篇关于使用app.set设置信任代理的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！