Obtain the real IP address of the client under multi-level reverse proxy [Squid]

Source: Internet
Author: User
Obtain the real IP address of the client under multi-level reverse proxy [Squid]

In many applications, you may need to record the real IP address of the user. In this case, you need to obtain the real IP address of the user. In JSP, you can obtain the IP address of the client:Request. getRemoteAddr ()In most cases, this method is effective. However, the real IP address of the client cannot be obtained through reverse proxy software such as Apache and Squid.

During this time, the IP address statistics program is designed. Because the server is a cluster, reverse proxy software is used to reverse proxy the URL of http: // 192.168.1.110: 2046/to http://www.xxx.com/urlRequest. getRemoteAddr ()The obtained IP address is 127.0.0.1 or192.168.1.110Instead of the client's real IP address. Why?

This is the reason for reverse proxy. After proxy, because the intermediate layer is added between the client and the service, the server cannot directly obtain the IP address of the client, and the server application cannot directly return the IP address of the forwarded request to the client. However, X-FORWARDED-FOR information is added in the HTTP header information that forwards the request. It is used to track the original Client IP address and the server address of the original client request. When we access the ingressRequest. getRemoteAddr ()The obtained IP address is actually the proxy server address, not the client IP address.

So we can obtain the real IP address of the client. Method 1:

1 public String getIpAddr (HttpServletRequest request ){
2 String ip = request. getHeader ("x-forwarded-");
3 if (ip = null | ip. length () = 0 ){
4 ip = request. getRemoteAddr ();
5}
6 return ip;
7}

However, when I access http://www.xxx.com/index.jsp/, the IP address returned is always unknown, and it is not the 127.0.0.1 or192.168.1.110When I access http: // 192.168.1.110: 2046/index. jsp, I can return the real IP address of the client and write a method for verification.

  

1 <% @ page import = "java. util. *" %>
2 <table border = 1 cellspacing = 0 cellpadding = 0 align = center>
3 <tr>
4 <th> Name </th>
5 <th> Value </th>
6 </tr>
7 <%
8 Enumeration enumNames;
9 String strName, strValue;
10
11 enumNames = request. getHeaderNames ();
12 while (enumNames. hasMoreElements ()){
13 strName = (String) enumNames. nextElement ();
14 strValue = request. getHeader (strName );
15%>
16 <tr>
17 <td> <% = strName %> </td>
18 <td> <% = strValue %> </td>
19 </tr>
20 <%
21}
22%>
23 <tr>
24 </table>
25

Result: X-Forwarded-For: unknown. X-Forwarded-For does exist, but its value is unknown. Continue to find the cause. I searched the internet for Squid.

The forwarded_for configuration file of squid. conf is on by default. If forwarded_for is set to off:

X-Forwarded-For: unknown

A check, found that forwarded_for item is set to off, the reason found, the forwarded_for item is set to on, after restarting, access the http://www.xxx.com/index.jsp/ obtained IP is the real IP of the client.

So we can obtain the real IP address of the client. Method 2:

1 Public String getipaddr (httpservletrequest request ){
2 string IP = request. getheader ("X-forwarded-");
3 if (IP = NULL | IP. Length () = 0 | "unknown". equalsignorecase (IP )){
4 IP = request. getheader ("proxy-client-IP ");
5}
6 if (IP = NULL | IP. Length () = 0 | "unknown". equalsignorecase (IP )){
7 ip = request. getHeader ("WL-Proxy-Client-IP ");
8}
9 if (ip = null | ip. length () = 0 | "unknown". equalsIgnoreCase (ip )){
10 ip = request. getRemoteAddr ();
11}
12 return ip;
13}
14

However, if a multi-level reverse proxy is passed, there will be more than one X-Forwarded-For value, but a string of Ip values. Which is the real IP address of the client?

The answer is to take the first valid IP string not unknown in X-Forwarded-.

For example:
X-Forwarded-For: 192.168.1.110, 192.168.1.120, 192.168.1.130, 192.168.1.100
The user's real IP address is 192.168.1.110.

 

From: http://www.blogjava.net/Alpha/archive/2006/07/12/57764.html#Post

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.