Server A is proxied by server B. How can we obtain the real IP address of the client segment? Now the IP addresses obtained on server A are all the IP addresses of proxy server B. How can we obtain the real IP address of the client?
In JSP, the method to obtain the client's IP address is: request.getRemoteAddr(), which is effective in most cases. However, after passing through Apache, Squid and other reverse proxy software, the real IP address of the client cannot be obtained. If reverse proxy software is used, when the URL of http://192.168.1.110:2046/ is reverse-proxyed to the URL of http://www.bt285.cn/, use the IP address obtained by the request.getRemoteAddr() method Yes: 127.0.0.1 or 192.168.1.110, not the real IP of the client. After passing through the proxy, because an intermediate layer is added between the client and the service, the server cannot directly obtain the client's IP, and the server-side application cannot directly return the address to the client through the forwarding request. However, X-FORWARDED-FOR information is added to the HTTP header information of the forwarding request. Used to track the original client IP address and the server address requested by the original client. When we visit http://www.5q520.cn /index.jsp/, it is not that our browser actually accesses the index.jsp file on the server, but the proxy server first accesses http://192.168. 1.110: 2046/index.jsp, the proxy server returns the accessed result to our browser, because the proxy server accesses index.jsp, so the IP obtained by the method of request.getRemoteAddr() in index.jsp It is actually the address of the proxy server, not the IP address of the client. Therefore, the first method to obtain the real IP address of the client can be obtained:
- public String getRemortIP(HttpServletRequest request) {
- if (request.getHeader("x-forwarded-for") == null) {
- return request.getRemoteAddr();
- }
- return request.getHeader("x-forwarded-for");
- }
But when I visit http://www.5a520.cn /index.jsp/, the returned IP address is always unknown, not 127.0.0.1 or 192.168.1.110 as shown above, and I visit http:/ /192.168.1.110:2046/index.jsp, it can return the real IP address of the client, and write a method to verify it. The reason lies in Squid. The forwarded_for item in the configuration file of squid.conf is on by default. If forwarded_for is set to off, then: X-Forwarded-For: unknown, then the second method to obtain the real IP address of the client can be obtained:
- public String getIpAddr(HttpServletRequest request) {
- String ip = request.getHeader("x-forwarded-for");
- if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
- ip = request.getHeader("Proxy-Client-IP");
- }
- if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
- ip = request.getHeader("WL-Proxy-Client-IP");
- }
- if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
- ip = request.getRemoteAddr();
- }
- return ip;
- }
However, if the multi-level reverse proxy is passed, the value of X-Forwarded-For is not one, but a series of IP values. Which one is the real IP of the real client? The answer is to take the first non-unknown valid IP string in X-Forwarded-For. For example: X-Forwarded-For: 192.168.1.110, 192.168.1.120, 192.168.1.130, 192.168.1.100 The real IP of the user is: 192.168.1.110
Original address: http://ipc.iteye.com/blog/419957