管理中心Overview
Enable the protocol version supported by your origin server to relay the original client IP and port information to your server.
Proxy Protocol v1: Supports TCP only and uses a text-based header.
Proxy Protocol v2: Supports both TCP and UDP, uses a binary header, and allows for more metadata.
Simple Proxy Protocol: A lightweight protocol designed for UDP, used to obtain the client’s source IP and port information.
Enable TCP Proxy Protocol v1
1、Go to the IP Protection management page and select “Bind”.
2、Locate “Protocol Type”, choose “TCP”, and configure the “Address Type”, “Edge Port”, and “Origin Server IP”.
3、Under “Proxy Protocol”, select “Proxy Protocol v1”.
When a TCP application is configured to use Proxy Protocol v1, the platform adds a plain text proxy header before each inbound TCP connection.
Proxy Protocol v1 Header
A header is added before each connection, reporting the client’s IP and port. The format of the PROXY protocol text header is as follows:
|
PROXY_STRING single space INET_PROTOCOL single space CLIENT_IP single space PROXY_IP single space CLIENT_PORT single space PROXY_PORT "\r\n" |
Example of a proxy line for an IPv4 address:
|
PROXY TCP4 192.0.2.0 192.0.2.255 42300 443\r\n |
Example of a proxy line for an IPv6 address:
|
PROXY TCP6 2001:db8:: 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff 42300 443\r\n |
Enable TCP/UDP Proxy Protocol v2
1、Go to the IP Protection management page and select “Bind”.
2、Locate “Protocol Type”, choose “TCP” or “UDP”, and configure the “Address Type”, “Edge Port”, and “Origin Server IP”.
3、Under “Proxy Protocol”, select “Proxy Protocol v2”.
When a TCP application is configured for Proxy Protocol v2, a binary header is added before each inbound TCP connection.
When a UDP application is configured for Proxy Protocol v2, the binary header is prepended to the first UDP datagram on the stream.
Proxy Protocol v2 Header
A binary header is added before each connection, reporting the client’s IP address and port.
Binary header format for IPv4 inbound address:
Binary header format for IPv6 inbound address:
Enable Simple UDP Proxy Protocol
1、Go to the IP Protection management page and select “Bind”.
2、Locate “Protocol Type”, choose “UDP”, and configure the “Address Type”, “Edge Port”, and “Origin Server IP”.
3、Under “Proxy Protocol”, select “Simple Proxy Protocol”.
The Session Initiation Protocol (SIP) requires the origin server to prepend the same header with original client source info to outgoing packets. This helps verify that the incoming packet is truly intended for the client.
Session Initiation Protocol Header
The client’s source IP and port are encoded in a fixed-length 38-byte header and appended before the payload of each proxy UDP datagram. The format is as follows:
Header Contents
Magic Number: A fixed 16-bit value set to 0x56EC, used to identify the SPP protocol and its 38-byte header.
Client Address: The 128-bit address of the UDP datagram origin (i.e., the client). If using IPv6, it’s the native address; if IPv4, it's the IPv4-mapped IPv6 address.
Proxy Address: The 128-bit address of the proxy receiving the UDP datagram. Interpreted the same way as the client address.
Client Port: A 16-bit UDP source port used by the client.
Proxy Port: A 16-bit UDP destination port used by the proxy.
Payload: The data following the header in the datagram. All fields (magic number, address, and port) are encoded in network byte order.
The corresponding C structure for the header is as follows:
|
struct { uint16_t magic; uint8_t client_addr[16]; uint8_t proxy_addr[16]; uint16_t client_port; uint16_t proxy_port; }; |
