Email
Enterprise Service
menu
Email
Enterprise Service
Submit
Basic information
Waiting for a reply
Your form has been submitted. We'll contact you in 24 hours.
Close
Home/ Blog/ How to proxy the client's real IP with Layer 4 TCP

How to proxy the client's real IP with Layer 4 TCP

Author:PYPROXY
2024-10-28 16:11:26

How to proxy the client's real IP with Layer 4 TCP


In modern network architecture, proxy servers play an important role in traffic management, security, and load balancing. Especially in Layer 4 TCP proxy, how to correctly proxy the client's real IP is a key issue. This article will explore the working principle of Layer 4 TCP proxy in depth and provide detailed methods to implement the client's real IP proxy.


1. What is a Layer 4 TCP proxy?

The Layer 4 TCP proxy (Layer 4 Proxy) works at the transport layer of the OSI model and is mainly responsible for handling TCP connections. It implements communication between the client and the server by forwarding data packets without involving the data content of the application layer. This proxy method is suitable for scenarios that require high performance and low latency, such as load balancing and firewalls.

1.1 Characteristics of Layer 4 TCP Proxy

- High performance: Since only transport layer data is processed, the performance of the Layer 4 proxy is usually better than that of the application layer proxy.

- Transparency: The communication between the client and the server is transparent to the Layer 4 proxy, and the user does not need to modify the application.

- Support for multiple protocols: The Layer 4 proxy can handle multiple TCP-based protocols, such as HTTP, FTP, etc.


2. Importance of the real IP of the proxy client

In many application scenarios, it is crucial to record and process the real IP address of the client. Here are a few reasons:

- Security: Identifying the real IP can help detect and prevent malicious attacks.

- Access control: Perform access control based on the client IP to improve system security.

- Data analysis: Analyze user behavior and traffic sources to optimize services.


3. How does the four-layer TCP proxy handle the real IP of the client

In the four-layer TCP proxy, the default behavior of the proxy server is to hide the real IP of the client and only display the IP of the proxy server. This requires some measures to ensure that the real IP of the client can be correctly passed to the backend server.

3.1 Use X-Forwarded-For header

Although the X-Forwarded-For (XFF) header is more common in application layer proxies, in some cases, the four-layer proxy can also use this header to pass the real IP of the client. The implementation steps are as follows:

1. Configure the proxy server: On the proxy server, configure to add the client IP to the X-Forwarded-For header.

2. Backend server reads header: The backend server needs to be able to parse and trust the X-Forwarded-For header to obtain the client's real IP.

3.2 Directly pass IP information

Some four-layer proxy solutions (such as HAProxy, Nginx, etc.) support passing client IP information directly at the TCP layer. The implementation steps are as follows:

1. Enable Proxy Protocol: Enable the Proxy Protocol on the proxy server, which allows the proxy server to embed client IP information directly into the TCP connection.

2. Configure the backend server: The backend server needs to support and parse the Proxy Protocol to extract the client's real IP.


4. Steps to implement a four-layer TCP proxy

The following are the specific steps to implement a four-layer TCP proxy and correctly proxy the client's real IP:

4.1 Configure the proxy server

Take Nginx as an example, the following are the basic configuration steps:

```nginx

stream {

upstream backend {

server backend_server_ip:port;

}

server {

listen 80;

proxy_pass backend;

# Enable proxy protocol

proxy_protocol on;

}

}

```

4.2 Configure the backend server

On the backend server (such as Nginx or Apache), you need to configure it to support the proxy protocol.

Nginx example configuration:

```nginx

server {

listen 80 proxy_protocol;

location / {

# process request

}

}

```

Apache example configuration:

In Apache, you can use the `mod_proxy` and `mod_remoteip` modules to handle proxy protocols.

```apache

RemoteIPHeader PROXY

```


5. Test proxy settings

After completing the configuration, you need to test whether the proxy settings are successful.

5.1 Check IP address

Access an interface of the backend server to check whether the returned client IP is the real IP. You can use a simple HTTP request tool (such as curl) to test.

5.2 Monitor logs

Check the access log of the backend server to confirm whether the client IP recorded in the log is correct.


6. Common Problems and Solutions

6.1 Client IP is not correctly delivered

If the backend server fails to correctly receive the client's real IP, it may be due to the following reasons:

- Proxy protocol is not enabled: Make sure that the proxy protocol is enabled on both the proxy server and the backend server.

- Network configuration problem: Check the network configuration and make sure that no firewall or router blocks the proxy protocol packets.

6.2 Performance issues

Layer 4 TCP proxy may introduce some latency, especially in high traffic conditions. Performance can be optimized in the following ways:

- Load balancing: Use load balancing technology to distribute traffic to multiple backend servers.

- Cache mechanism: Implement a cache mechanism on the proxy server to reduce the frequency of requests to the backend server.


Layer 4 TCP proxy plays an important role in modern network architecture. With proper configuration, it can effectively proxy the client's real IP. Whether it is for security, access control or data analysis, it is crucial to ensure the correct delivery of the client IP. I hope the guidance provided in this article can help you successfully implement Layer 4 TCP proxy and improve the quality of your network service.