Java Get IP Address: request.getremoteaddr () beware

Source: Internet
Author: User
Tags get ip

In the JSP, the method to obtain the client's IP address is: request.getremoteaddr (), this method is effective in most cases. However, the real IP address of the client cannot be obtained through the reverse proxy software such as Apache,squid. If the reverse proxy software is used, thehttp://192.168.1.110:2046/URL Reverse proxy for http://www.xxx.com/URL, use request.getremoteaddr () The IP address obtained by the method is: 127.0.0.1 or 192.168.1.110, not the real IP of the client. After the agent, due to the addition of the middle tier between the client and the service, so the server can not directly get the client's IP, the server-side application can not directly forward the requested address to the client. However, the x-forwarded-for information is added to the HTTP header information of the forwarding request. Used to track the original client IP address and the server address of the original client request. When we visithttp://www.xxx.com/index.jsp/, in fact, is not our browser actually access to the server index.jsp file, but first by the proxy server to access http://192.168.1.110:2046/ INDEX.JSP, the proxy server will return the results of the access to our browser, because it is the proxy server to access index.jsp, so index.jsp through the request.getremoteaddr () is actually the address of the proxy server, not the IP address of the client. So we can get the real IP address of the client method one: Java code
    1. Public String Getremortip (HttpServletRequest request) {
    2. if (Request.getheader ("x-forwarded-for") = = null) {
    3. return request.getremoteaddr ();
    4. }
    5. return Request.getheader ("x-forwarded-for");
    6. }
 

But when I visit http://www.xxx.com/index.jsp/, the IP address returned is always unknown, not 127.0.0.1 or 192.168.1.110 as shown above , and I access the http ://192.168.1.110:2046/index.jsp, you can return the real IP address of the client, write a method to verify. The reason was on the squid. The squid.conf configuration file Forwarded_for entry is on by default, if Forwarded_for is set to OFF: X-forwarded-for:unknown

Then we can obtain the client real IP address method two:

Java code
  1. Public String getipaddr (HttpServletRequest request) {
  2. String IP = request.getheader ( "x-forwarded-for");
  3. if (IP = = Null | |   Ip.length () = = 0 | |  "Unknown". Equalsignorecase (IP)) {  
  4. ip = Request.getheader ( "Proxy-client-ip");
  5. }
  6. if (IP = = Null | |   Ip.length () = = 0 | |  "Unknown". Equalsignorecase (IP)) {  
  7. ip = Request.getheader ( "Wl-proxy-client-ip");
  8. }
  9. if (IP = = Null | |   Ip.length () = = 0 | |  "Unknown". Equalsignorecase (IP)) {  
  10. ip = request.getremoteaddr ();
  11. }
  12. return IP;
  13. }

However, if through the multi-level reverse proxy, x-forwarded-for value and more than one, but a string of IP values, exactly which is the real client IP?

The answer is to take the first non-unknown valid IP string in x-forwarded-for.

Such as:
x-forwarded-for:192.168.1.110, 192.168.1.120, 192.168.1.130, 192.168.1.100
User Real IP: 192.168.1.110


Note: According to this method is not necessarily 100% quasi, online many people mentioned to be accurate words must do a client space, such as applets.

reprint to: http://xiaoboss.iteye.com/blog/1181488

Java Get IP Address: request.getremoteaddr () beware

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.