diff --git a/ThinkPHP/Common/functions.php b/ThinkPHP/Common/functions.php
index 417f046e0..a6543df8d 100644
--- a/ThinkPHP/Common/functions.php
+++ b/ThinkPHP/Common/functions.php
@@ -1454,17 +1454,21 @@ function get_client_ip($type = 0,$adv=false) {
     static $ip  =   NULL;
     if ($ip !== NULL) return $ip[$type];
     if($adv){
-        if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+        if (isset($_SERVER['HTTP_X_HWWAF_REAL_IP'])) {
+            $ip = $_SERVER['HTTP_X_HWWAF_REAL_IP'];
+        } elseif (isset($_SERVER['HTTP_X_REAL_IP'])) {
+            $ip = $_SERVER['HTTP_X_REAL_IP'];
+        } elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
             $arr    =   explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
             $pos    =   array_search('unknown',$arr);
             if(false !== $pos) unset($arr[$pos]);
             $ip     =   trim($arr[0]);
-        }elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
+        } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
             $ip     =   $_SERVER['HTTP_CLIENT_IP'];
-        }elseif (isset($_SERVER['REMOTE_ADDR'])) {
+        } elseif (isset($_SERVER['REMOTE_ADDR'])) {
             $ip     =   $_SERVER['REMOTE_ADDR'];
         }
-    }elseif (isset($_SERVER['REMOTE_ADDR'])) {
+    } elseif (isset($_SERVER['REMOTE_ADDR'])) {
         $ip     =   $_SERVER['REMOTE_ADDR'];
     }
     // IP地址合法验证
diff --git a/ThinkPHP/Mode/Api/functions.php b/ThinkPHP/Mode/Api/functions.php
index 04a8e6978..94213423f 100644
--- a/ThinkPHP/Mode/Api/functions.php
+++ b/ThinkPHP/Mode/Api/functions.php
@@ -1051,14 +1051,18 @@ function get_client_ip($type = 0) {
     $type       =  $type ? 1 : 0;
     static $ip  =   NULL;
     if ($ip !== NULL) return $ip[$type];
-    if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+    if (isset($_SERVER['HTTP_X_HWWAF_REAL_IP'])) {
+        $ip = $_SERVER['HTTP_X_HWWAF_REAL_IP'];
+    } elseif (isset($_SERVER['HTTP_X_REAL_IP'])) {
+        $ip = $_SERVER['HTTP_X_REAL_IP'];
+    } elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
         $arr    =   explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
         $pos    =   array_search('unknown',$arr);
         if(false !== $pos) unset($arr[$pos]);
         $ip     =   trim($arr[0]);
-    }elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
+    } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
         $ip     =   $_SERVER['HTTP_CLIENT_IP'];
-    }elseif (isset($_SERVER['REMOTE_ADDR'])) {
+    } elseif (isset($_SERVER['REMOTE_ADDR'])) {
         $ip     =   $_SERVER['REMOTE_ADDR'];
     }
     // IP地址合法验证