Java Bypass proxy obtains client true request IP

Project needs and Third-party platform interface, added the source IP authentication function, the test found no problem, but after the deployment found that there are problems, has been the right not to pass, a group of people flying Blind.

I found that piece of code, followed the process found that the logic is not a problem, but the end result is still the right to pass, it is a bit weird. Its basic logic is to get the configured IP list first, and then through the request.getremoteaddr () to obtain the IP address of the client, do authentication and verification, logic is OK, then certainly is request.getremoteaddr () out of the question, Google found that someone had encountered a similar problem.

The final positioning for request.getremoteaddr () is effective in most cases. But in the adoption of APACHE,SQUID and other reverse proxy software can not get to the client's real IP address.

If the reverse proxy software is used, the http://192.168.1.110:2046/URL is reversed to the http://www.xxx.com/URL, with request.getremoteaddr () Method gets the IP address: 127.0.0.1 or 192.168.1.110, not the real IP of the client.

After the agent, because the client and the service increased between the middle tier, so the server can not directly to the client IP, server-side applications can not directly by forwarding the requested address to return to the client. However, in the HTTP header message that forwards the request, the x-forwarded-for information is added to track the original client IP address and the server address of the original client request.
So, our project is just in front of Apache, some requests forwarded to the back-end of the WebLogic, it seems that is the result of the slightly.

Give a fairly reliable code, as follows:

  Java code   PUBLIC STRING GETIPADDR (httpservletrequest request)  {             string ip = request.getheader ("X-forwarded-for" );            if (ip == null | |  ip.length ()  == 0 | |   "Unknown". Equalsignorecase (IP)  {                ip = request.getheader ("Proxy-client-ip");            }            if (ip ==  null | |  ip.length ()  == 0 | |   "Unknown". Equalsignorecase (IP)  {                ip = request.getheader ("Wl-proxy-client-ip");             }           if (ip == null | |  ip.length ()  == 0 | |   "Unknown". Equalsignorecase (IP)  {                 IP = REQUEST.GETREMOTEADDR ();            }           return ip;      }     

If someone encounters similar problems, please pay more attention, hehe.

PS: However, if the adoption of multi-level reverse proxy, x-forwarded-for value and more than one, but a series of IP values, which is the real user end of the real IP.
The answer is to take the first unknown valid IP string in x-forwarded-for. such as: x-forwarded-for:192.168.1.110, 192.168.1.120, 192.168.1.130, 192.168.1.100, the user's real IP: 192.168.1.110

Turn from: http://lijie250.iteye.com/blog/251616