Obtain the real IP address of the client under the squid multi-level reverse proxy

Many applications need to record the user's real IP address, so they first have to obtain it. In JSP, the method for obtaining the client's IP address is request.getRemoteAddr(). This method works in most cases. However, once the request has passed through Apache, Squid or other reverse proxy software, the real IP address of the client can no longer be obtained this way.
 
  Recently I was programming IP statistics. Because the server was clustered, I used reverse proxy software to reverse proxy the URL http://192.168.1.110:2046/ to the URL http://www.xxx.com/. The IP address obtained with the request.getRemoteAddr() method is then 127.0.0.1 or 192.168.1.110, not the real IP of the client. The reverse proxy is the reason for this.

        Once a proxy is in the path, an intermediate layer sits between the client and the service, so the server cannot obtain the client's IP directly, and the server-side application cannot return the address to the client directly through the forwarded request. However, X-FORWARDED-FOR information is added to the HTTP headers of the forwarded request. It is used to track the original client IP address and the server address requested by the original client.

        When we visit http://www.xxx.com/index.jsp/, our browser does not actually access the index.jsp file on the server. Instead, the proxy server first accesses http://192.168.1.110:2046/index.jsp and then returns the result to our browser. Because it is the proxy server that accesses index.jsp, the IP returned by request.getRemoteAddr() in index.jsp is actually the address of the proxy server, not the IP address of the client.
 
  This gives the first method of obtaining the real IP address of the client:
 
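// Requires: import javax.servlet.http.HttpServletRequest;
public String getIpAddr(HttpServletRequest request) {
    // Header added by the reverse proxy to the forwarded request
    String ip = request.getHeader("x-forwarded-for");
    if (ip == null || ip.length() == 0) {
        // No proxy header: fall back to the address of the connecting peer
        ip = request.getRemoteAddr();
    }
    return ip;
}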
  But when I visit http://www.xxx.com/index.jsp/, the returned IP address is always unknown, not 127.0.0.1 or 192.168.1.110 as shown above, whereas when I visit http://192.168.1.110:2046/index.jsp, it returns the real IP address of the client. I wrote a page to verify this.
 
<%@ page import="java.util.*" %>
<%-- Diagnostic page: lists every request header as the application receives it.
     Values are written unescaped, so keep it off public servers. --%>
<table border=1 cellspacing=0 cellpadding=0 align=center>
  <tr>
    <th>Name</th>
    <th>Value</th>
  </tr>
  <%
    Enumeration enumNames;
    String strName, strValue;
    enumNames = request.getHeaderNames();
    while (enumNames.hasMoreElements()) {
        strName = (String) enumNames.nextElement();
        strValue = request.getHeader(strName);
  %>
  <tr>
    <td><%=strName%></td>
    <td><%=strValue%></td>
  </tr>
  <% } %>
</table>


  The result: X-Forwarded-For: unknown. X-Forwarded-For does exist, but its value is unknown. I kept looking for the reason and, after searching the Internet, found that it lies in Squid.
    The forwarded_for item in the squid.conf configuration file is on by default. If forwarded_for is set to off, then:
    X-Forwarded-For: unknown
    After checking, I found that the forwarded_for item was set to off. That was the reason. I set forwarded_for to on, and after restarting, the IP obtained by visiting http://www.xxx.com/index.jsp/ is the real IP of the client.
  This gives the second method of obtaining the real IP address of the client:
    
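// Requires: import javax.servlet.http.HttpServletRequest;
public String getIpAddr(HttpServletRequest request) {
    // Header added by the reverse proxy; Squid writes "unknown" when forwarded_for is off
    String ip = request.getHeader("x-forwarded-for");
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
        // Alternative header that some proxies set
        ip = request.getHeader("Proxy-Client-IP");
    }
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
        // Alternative header that some proxies set
        ip = request.getHeader("WL-Proxy-Client-IP");
    }
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
        // No usable header: fall back to the address of the connecting peer
        ip = request.getRemoteAddr();
    }
    return ip;
}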
  However, if the request passes through a multi-level reverse proxy, X-Forwarded-For holds not one value but a series of IP values. Which one is the real IP of the client?
  The answer is: take the first non-unknown valid IP string in X-Forwarded-For.
  For example:
  X-Forwarded-For: 192.168.1.110, 192.168.1.120, 192.168.1.130, 192.168.1.100
  The real IP of the user is: 192.168.1.110.
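
  An added example (not code from the original post) that applies the first-valid rule above to a constructed multi-hop header, next to a stricter variant that walks the chain from the server side and stops at the first hop that is not one of your own proxies, because any client can send its own X-Forwarded-For and a proxy with forwarded_for on appends to it. The class name, method names and the trusted-proxy set are assumptions, and only IPv4 is handled.

```java
import java.util.*;
public class ClientIpResolver {  // hypothetical class name
    // Dotted-quad IPv4 only (assumption: IPv6 is not handled in this example).
    static boolean isIpv4(String s) {
        String[] parts = s.split("\\.", -1);
        if (parts.length != 4) return false;
        for (String p : parts)
            if (!p.matches("\\d{1,3}") || Integer.parseInt(p) > 255) return false;
        return true;
    }
    // Header entries in order, with the TCP peer (getRemoteAddr) as the last hop.
    static List<String> chain(String xff, String remoteAddr) {
        List<String> hops = new ArrayList<>();
        if (xff != null)
            for (String h : xff.split(",")) hops.add(h.trim());
        hops.add(remoteAddr);
        return hops;
    }

    // The rule from the text: first entry that is a valid IP ("unknown" is skipped).
    static String firstValid(String xff, String remoteAddr) {
        for (String h : chain(xff, remoteAddr))
            if (isIpv4(h)) return h;
        return remoteAddr;
    }

    // Stricter variant: walk from the server side and stop at the first hop that
    // is not one of our own proxies; anything left of it was not written by us.
    static String nearestUntrusted(String xff, String remoteAddr, Set<String> trusted) {
        String result = remoteAddr;
        List<String> hops = chain(xff, remoteAddr);
        for (int i = hops.size() - 1; i >= 0; i--) {
            String h = hops.get(i);
            if (!isIpv4(h)) break;            // "unknown" or junk: chain ends here
            result = h;
            if (!trusted.contains(h)) break;  // first address we do not operate
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed request: the client itself sent "X-Forwarded-For: 1.2.3.4";
        // our proxies 192.168.1.120 and 192.168.1.110 each appended their peer.
        String xff = "1.2.3.4, 203.0.113.7, 192.168.1.120";
        Set<String> trusted = new HashSet<>(Arrays.asList("192.168.1.120", "192.168.1.110"));
        System.out.println(firstValid(xff, "192.168.1.110"));
        System.out.println(nearestUntrusted(xff, "192.168.1.110", trusted));
    }
}
```

  On this constructed request the first rule returns the client-supplied 1.2.3.4, while the stricter variant returns 203.0.113.7, the address the outermost proxy actually saw.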

 
