Java gets the real IP address of the requesting client
Java, method for obtaining the IP address of the client:
REQUEST.GETREMOTEADDR ()
This method is effective in most cases. But in passing the Apache,squid and other reverse proxy software can not obtain the real IP address of the client;
When reverse proxy software is used, the URL of the http://192.168.1.110:2046 is reversed to the URL of http://www.javapeixun.com.cn
The IP address obtained with the REQUEST.GETREMOTEADDR () method is: 127.0.0.1 or 192.168.1.110, not the real IP of the client.
Analysis:
The ISAPI filter also wraps the request object, attaching some header information to be used by the WLS. The actual Iisforward add-on header is as follows:
wl-proxy-client-ip=211.161.1.239 Proxy-client-ip=211.161.1.239 X-forwarded-for= 211.161.1.239 wl-proxy-client-keysize= wl-proxy-client-secretkeysize= X -weblogic-request-clusterinfo=true x-weblogic-keepalivesecs=30 x- weblogic-force-jvmid=-327089098 WL-proxy-ssl=false
After the agent, due to the addition of the middle tier between the client and the service, so the server can not directly get the client's IP, the server-side application can not directly forward the requested address to the customer
End. However, the x-forwarded-for information is added to the HTTP header information of the forwarding request. Used to track the original client IP address and the server address of the original client request. When we visit
Q: http://www.javapeixun.com.cn/index.jsp, it's not really our browser that actually accesses the index.jsp file on the server,
Instead, the proxy server accesses the http://192.168.1.110:2046/index.jsp, and the proxy server returns the results to our browser because it is the proxy server to access
index.jsp, so the IP obtained by REQUEST.GETREMOTEADDR () method in index.jsp is actually the address of the proxy server, not the IP address of the client.
So we can get the real IP address of the client method one:
Public String Getremortip (httpservletrequest request) { ifnull) { return request.getremoteaddr (); } return request.getheader ("x-forwarded-for"); }
But when I visit http://www.5a520.cn/index.jsp, the IP address returned is always unknown, not 127.0.0.1 or 192.168 as shown above. 1.110,
When I visit http://192.168.1.110:2046/index.jsp, I can return the real IP address of the client and write a method to verify it. The reason was on the squid.
The squid.conf configuration file Forwarded_for entry is on by default, if Forwarded_for is set to OFF: X-forwarded-for:unknown
Then we can obtain the client real IP address method two:
Publicstring getipaddr (HttpServletRequest request) {string IP= Request.getheader ("X-forwarded-for"); if(IP = =NULL|| Ip.length () = = 0 | | "Unknown". Equalsignorecase (IP)) {IP= Request.getheader ("Proxy-client-ip"); } if(IP = =NULL|| Ip.length () = = 0 | | "Unknown". Equalsignorecase (IP)) {IP= Request.getheader ("Wl-proxy-client-ip"); } if(IP = =NULL|| Ip.length () = = 0 | | "Unknown". Equalsignorecase (IP)) {IP=request.getremoteaddr (); } returnIP; }
However, if through the multi-level reverse proxy, x-forwarded-for value and more than one, but a string of IP values, exactly which is the real client IP?
The answer is to take the first non-unknown valid IP string in x-forwarded-for.
such as: x-forwarded-for:192.168.1.110, 192.168.1.120, 192.168.1.130, 192.168.1.100 user real IP: 192.168.1.110
If the above method is not enough, use the following method:
/*** Get current network IP *@paramRequest *@return */ Publicstring getipaddr (HttpServletRequest request) {string IpAddress= Request.getheader ("X-forwarded-for"); if(IpAddress = =NULL|| Ipaddress.length () = = 0 | | "Unknown". Equalsignorecase (ipAddress)) {ipAddress= Request.getheader ("Proxy-client-ip"); } if(IpAddress = =NULL|| Ipaddress.length () = = 0 | | "Unknown". Equalsignorecase (ipAddress)) {ipAddress= Request.getheader ("Wl-proxy-client-ip"); } if(IpAddress = =NULL|| Ipaddress.length () = = 0 | | "Unknown". Equalsignorecase (ipAddress)) {ipAddress=request.getremoteaddr (); if(Ipaddress.equals ("127.0.0.1") | | ipaddress.equals ("0:0:0:0:0:0:0:1"))){ //IP based on NIC for native configurationInetAddress inet=NULL; Try{inet=Inetaddress.getlocalhost (); } Catch(unknownhostexception e) {e.printstacktrace (); } ipAddress=inet.gethostaddress (); } } //for cases through multiple proxies, the first IP is the client real IP, multiple IPs according to ', ' split if(ipaddress!=NULL&& ipaddress.length () >15) {//"***.***.***.***". Length () = if(Ipaddress.indexof (",") >0) {ipAddress= Ipaddress.substring (0,ipaddress.indexof (",")); } } returnipAddress; }
Java gets the real IP address of the requesting client