Spoof HTTP request IP address

Note: Spoofing an HTTP request IP address is generally not a recommended means of use

General use: Simple polling website repeat poll, black others site

In project development (Web project), I am responsible for the system (referred to as PC), need to tune the other system interface, and the system needs to obtain the client (browser access) IP address, give me a worry to die,

Normal process: Browser---Access to PC system----PC system need to tune a third-party system, by default, the PC initiated request requests IP address is the PC's server IP address, rather than requesting the browser-side IP address

So, think about whether the IP address in the request can be modified, because in the PC system can obtain the request IP address, the result is not modified

Finally learned: can be in the HTTP request header, append a head information (name: x-forwarded-for), it will be located before the original IP address, so when the third-party system to obtain the address, the real browser access to the address IP

This code is listed in Java:

X-forwarded-for: referred to as XFF header, which represents the client, that is, the HTTP request-side of the real IP, only when the HTTP proxy or load-balanced server is added.

Httppost.addheader ("x-forwarded-for", IP);

The detailed code is as follows:

 Packagecom.sh.portal.framework.client.http;Importjava.io.IOException;Importorg.apache.commons.lang.StringUtils;Importorg.apache.http.HttpEntity;ImportOrg.apache.http.HttpResponse;ImportOrg.apache.http.client.config.RequestConfig;ImportOrg.apache.http.client.methods.HttpPost;Importorg.apache.http.entity.StringEntity;Importorg.apache.http.impl.client.CloseableHttpClient;ImportOrg.apache.http.impl.client.HttpClientBuilder;ImportOrg.apache.http.message.BasicHeader;ImportOrg.apache.http.protocol.HTTP;Importorg.apache.http.util.EntityUtils;Importorg.springframework.stereotype.Component;ImportCom.sh.portal.framework.client.RemoteServerArgs;Importcom.sh.portal.framework.client.RemoteServerClient;ImportCom.sh.portal.framework.client.RemoteServerResponse;Importcom.sh.portal.util.CommonUtils; @Component Public classRemoteserverclientimplImplementsremoteserverclient {Private Static FinalString Default_encode = "UTF-8"; Private Static FinalString Application_json = "Application/json"; @Override PublicRemoteserverresponse post (Remoteserverargs args)throwsioexception {String IP=commonutils.getrequestipaddress (); //Create HttpclientbuilderHttpclientbuilder Httpclientbuilder =httpclientbuilder.create (); //HttpClientCloseablehttpclient closeablehttpclient =Httpclientbuilder.build (); //Request Parametersstringentity entity =Newstringentity (Args.getrequestjson (), Default_encode); Entity.setcontentencoding (NewBasicheader (HTTP.        Content_Type, Application_json)); HttpPost HttpPost=NewHttpPost (Args.geturl ()); Httppost.addheader (HTTP.        Content_Type, Application_json); //differentiate PC terminal types hereHttppost.addheader ("Typeflg", "9"); //Add the browser-side access IP if (!ip.equals ("")) {Httppost.addheader ("x-forwarded-for" ) , IP);        } httppost.setentity (entity);                Httppost.setconfig (Requestconfig.default);          HttpResponse HttpResponse; //POST RequestHttpResponse =Closeablehttpclient.execute (HttpPost); Httpentity httpentity=httpresponse.getentity ();        Remoteserverresponse response; if(Httpentity! =NULL) {Response=NewRemoteserverresponse (Httpresponse.getstatusline (). Getstatuscode (), entityutils.tostring (HttpEntity, D        Efault_encode)); } Else{Response=NewRemoteserverresponse (Httpresponse.getstatusline (). Getstatuscode (), stringutils.empty); }        //Freeing ResourcesCloseablehttpclient.close (); returnresponse; }}

Spoof HTTP request IP address