In JSP, the method to obtain the client's IP address is: request.getRemoteAddr(), which is effective in most cases. However, after passing through Apache, Nagix and other reverse proxy software, the real IP address of the client cannot be obtained. If reverse proxy software is used, the IP address obtained by the request.getRemoteAddr() method is: 127.0.0.1 or 192.168.1.110, which is the IP address of the proxy server, not the real IP of the client.
After passing through the proxy, because an intermediate layer is added between the client and the service, the server cannot directly obtain the client's IP, and the server-side application cannot directly return the address to the client through the forwarding request. However, X-FORWARDED-FOR information is added to the HTTP header information of the forwarding request. Used to track the original client IP address and the server address requested by the original client. When we access index.jsp, it is not that our browser actually accesses the index.jsp file on the server, but the proxy server first accesses it, and then returns the accessed result to our browser, because it is The proxy server accesses index.jsp, so the IP obtained by the request.getRemoteAddr() method in index.jsp is actually the address of the proxy server, not the IP address of the client.
Method 1 to obtain the real IP address of the client:
public String getRemortIP(HttpServletRequest request) {
if (request.getHeader("x-forwarded-for") == null) {
return request.getRemoteAddr();
}
return request.getHeader("x-forwarded-for");
}
Method 2 to obtain the real IP address of the client:
public String getIpAddr(HttpServletRequest request) {
String ip = request.getHeader("x-forwarded-for");
if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("Proxy-Client-IP");
}
if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("WL-Proxy-Client-IP");
}
if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getRemoteAddr();
}
return ip;
}
However, if the multi-level reverse proxy is passed, the value of X-Forwarded-For is not one, but a series of IP values. Which one is the real IP of the real client?
The answer is to take the first non-unknown valid IP string in X-Forwarded-For.
For example: X-Forwarded-For: 192.168.1.110, 192.168.1.120, 192.168.1.130, 192.168.1.100, the user's real IP is: 192.168.1.110
If the above method does not work, use the following method:
/**
* Get the current network ip
* @ param request
* @ return
*/
public String getIpAddr(HttpServletRequest request) {
String ipAddress = request.getHeader("x-forwarded-for")
if(ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
ipAddress = request.getHeader("Proxy-Client-IP")
}
if(ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
ipAddress = request.getHeader("WL-Proxy-Client-IP")
}
if(ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
ipAddress = request.getRemoteAddr()
if(ipAddress.equals("127.0.0.1") || ipAddress.equals("0:0:0:0:0:0:0:1")) {
//According to the network card, get the IP of the local configuration
InetAddress inet = null
try {
inet = InetAddress.getLocalHost()
} catch (UnknownHostException e) {
e.printStackTrace ()
}
ipAddress= inet.getHostAddress()
}
}
//For the case of passing through multiple proxies, the first IP is the real IP of the client, and multiple IPs are divided according to ','
if(ipAddress != null && ipAddress.length() > 15) {
if(ipAddress.indexOf(",") > 0) {
ipAddress = ipAddress.substring(0, ipAddress.indexOf(","))
}
}
return ipAddress
}
Apache will automatically set X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server in the Header when using ProxyPass. If the tomcat backend is not set, use request.getHeader("x-forwarded- for"); to get the client ip.