最近在网上搜索HttpServletRequest获取用户真实IP地址的代码后发现多数结果如下:
public String getIpAddr(HttpServletRequest request) {
String ip = request.getHeader("x-forwarded-for");
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("WL-Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getRemoteAddr();
}
return ip;
} 我知道reqeust.getRemoteAddr(),也知道request.getHeader(String arg0);
但我不知道:
x-forwarded-for 是什么?
Proxy-Client-IP 又是什么?
WL-Proxy-Client-IP ? 这些都是什么?!
我只能从代码里看出他们都是HTTP Headers!
然后我在stackoverflow中看到了这样的提问:
I need to get the IP address of the client in the JSP page. I have tried the following ways:
request.getRemoteAddr();
request.getHeader("X_FORWARDED_FOR");
request.getHeader("HTTP_CLIENT_IP");
request.getHeader("WL-Proxy-Client-IP");
request.getHeader("Proxy-Client-IP");
request.getHeader("REMOTE_ADDR");ran
看到楼下回答的人都是这么说的:
要么说:Do you use reverse proxy like apache proxy? http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
When acting in a reverse-proxy mode (using the ProxyPass directive, for example), mod_proxy_http adds several request headers in order to pass information to the origin server.
或者:You may not get the real client IP if a the client is behind a proxy, you will get the IP of the proxy and not the client. However, the proxy may include the requesting client IP in a special HTTP header.
再或者:Is your application server behind a load balancer, a proxy or a web server?
后来这位提问者补充道:我没有用任何proxy!
显然下面的回答解决了他的问题,我们先贴在这以便以后查看。
"0:0:0:0:0:0:0:1" is the IPv6 loopback address as defined in RFC 3513.
It appears that your OS and application server are configured to use IPv6 and that you are accessing the page from the local machine.
By the way, calling getRemoteAddress() will not provide you with the IP address of the client. There could be intermediate nodes in the network whose address you might receive. This is especially true of proxies and load-balancers.
回到正题,现在有一些答案了。
看看Wikipedia如何解释 X-Forwarded-For :
The X-Forwarded-For (XFF) HTTP header field is a de facto standard for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer . This is an HTTP request header which was introduced by the Squid caching proxy server's developers. An effort has been started at IETF for standardizing the Forwarded HTTP header.
The general format of the field is:
X-Forwarded-For : client, proxy1, proxy2
至于 WL-Proxy-Client-IP ,我在Oracle论坛看到了这样的对话:
楼主:
Hi all, below is a brief representation of my setup
client -> apache webserver + weblogic http plugin -> weblogic instances
When I do a query of client IP within my application, I am getting the web server's IP address. What configuration and settings do I have to set on my webserver or weblogic in order for me to properly query the client IP ?
最佳回复:
Hi , You may use set 'Weblogic Plug-In Enable' to true to acheive this. When the WebLogic plugin is enabled, a call to getRemoteAddr will return the address of the browser client from the proprietary WL-Proxy-Client-IP header instead of the web server.
Hope this helps :)
Regards.
现在大概明白这些Headers都是什么东西了,Interface ServletRequest的 getRemoteAddr()的解释是这样的:
Returns the Internet Protocol (IP) address of the client or last proxy that sent the request.
所以我们就有了现在的文章顶部写到的HttpServletRequest获取用户真实IP地址的代码。