Using HttpRequest in Java to obtain the user's real IP address (reproduced)

[size=medium] In JSP, the method to obtain the IP address of the client is: request.getRemoteAddr(), which is effective in most cases. However, after passing through Apache, Squid, nginx and other reverse proxy software, the real IP address of the client cannot be obtained.
If reverse proxy software is used, when the URL of http://192.168.1.110:2046/ is reverse-proxyed to the URL of http://www.jb51.net/, use the IP address obtained by the request.getRemoteAddr() method Yes: 127.0.0.1 or 192.168.1.110, not the real IP of the client.
After passing through the proxy, because an intermediate layer is added between the client and the service, the server cannot directly obtain the client's IP, and the server-side application cannot directly return the address to the client through the forwarding request. However, X-FORWARDED-FOR information is added to the HTTP header information of the forwarding request. Used to track the original client IP address and the server address requested by the original client. When we visit http://www.jb51.net /index.jsp/, it is not that our browser actually accesses the index.jsp file on the server, but the proxy server first accesses http://192.168. 1.110: 2046/index.jsp, the proxy server returns the accessed result to our browser, because the proxy server accesses index.jsp, so the IP obtained by the method of request.getRemoteAddr() in index.jsp It is actually the address of the proxy server, not the IP address of the client.

package com.rapido.utils;
 
import javax.servlet.http.HttpServletRequest;
 
/**
 * Custom access object tool class
 *
 * Obtain information such as the IP address of the object
 * @author X-rapido
 *
 */
public class CusAccessObjectUtil {
 
  /**
   * To obtain the user's real IP address, the reason for not using request.getRemoteAddr(); is that the user may use proxy software to avoid the real IP address,
   *
   * However, if the multi-level reverse proxy is passed, the value of X-Forwarded-For is not one, but a series of IP values. Which is the real IP of the real client?
   * The answer is to take the first non-unknown valid IP string in X-Forwarded-For.
   *
   * 如：X-Forwarded-For：192.168.1.110, 192.168.1.120, 192.168.1.130,
   * 192.168.1.100
   *
   * The real IP of the user is: 192.168.1.110
   *
   * @param request
   * @return
   */
  public static String getIpAddress(HttpServletRequest request) {
    String ip = request.getHeader("x-forwarded-for");
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
      ip = request.getHeader("Proxy-Client-IP");
    }
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
      ip = request.getHeader("WL-Proxy-Client-IP");
    }
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
      ip = request.getHeader("HTTP_CLIENT_IP");
    }
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
      ip = request.getHeader("HTTP_X_FORWARDED_FOR");
    }
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
      ip = request.getRemoteAddr();
    }
    return ip;
  }
   
}

[/size]
This blog post is quoted from: http://www.jb51.net/article/67050.htm