The correct way to get the client IP

You are presumably no stranger to this code:
public String getIpAddr(HttpServletRequest request) {
    // Every getHeader() value below is supplied by whoever sent the request
    String ip = request.getHeader("X-Forwarded-For");
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
        ip = request.getHeader("Proxy-Client-IP");
    }
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
        ip = request.getHeader("WL-Proxy-Client-IP");
    }
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
        // Address of the TCP peer, used only when no header is present
        ip = request.getRemoteAddr();
    }
    return ip;
}
Yes, this is what most search results for "java get real IP address" return. But is the code above really correct?
Let's look at the code in detail. As shown above, the IP address is determined in this order of priority:
"X-Forwarded-For" > "Proxy-Client-IP" > "WL-Proxy-Client-IP" > request.getRemoteAddr()
where the quoted names are read from the request headers.
But wait! We all know that header values can be changed. For example:
$.ajax({
    type: "GET",
    headers: {"X-Forwarded-For": randomIp, "WL-Proxy-Client-IP": randomIp},
    contentType: 'application/x-www-form-urlencoded; charset=UTF-8',
    url: url,
    data: params,
    dataType: "text",
    success: function (data) {
        count++;
        console.log("time: [" + new Date() + "] executed successfully: [" + count + " times]: " + data);
        if (max > 0) {
            setTimeout(function wait() {
                console.log("wait " + (timewait) + " ms...");
                vote(max, getRandomNum(maxWait, minWait));
            }, timewait);
        }
    }
});
Code from: https://github.com/caiyongji/vote-2.0/blob/master/Vote-2.0.js
Haven't the X-Forwarded-For and WL-Proxy-Client-IP entries in its headers attribute been changed right there?
So why does this version of "java get real IP address" exist at all? And why is it the one that search engines mostly return?
By analogy: if the complete solution is a secret manual, then what we find under "java get real IP address" is only a fragment of it.
The remaining part is here:
# Nginx configuration
location ~ ^/static {
    proxy_pass ....;
    proxy_set_header X-Forwarded-For $remote_addr;
}
This is the Nginx reverse-proxy configuration (for other front-end reverse proxies, please search for the equivalent yourself). What this configuration does is replace X-Forwarded-For with remote_addr; after that, X-Forwarded-For is passed between servers only over the internal network, where the transmission is safe.
Here I would like to say a little more about TCP/IP. As is well known, a three-way handshake is required when a TCP/IP connection is established, and the server can only return data to the client if it knows the client's IP address. So a client that wants to receive data must provide its real IP (DDoS attacks excepted), which means request.getRemoteAddr() returns the most authentic IP of the user.
So why not just use request.getRemoteAddr()?
If there is no reverse proxy, that is of course feasible. But for security reasons most services now use a proxy server (such as Nginx; a proxy server can be understood as an intermediary between users and servers that both sides can trust). The user sends the HTTP request to the proxy server, and the proxy server makes a "second request" to the corresponding real service deployed in the server cluster, so the IP finally obtained is the proxy server's internal-network address, such as 192.168.xx.xx or 10.xx.xx.xx.
Therefore, behind a reverse proxy, request.getRemoteAddr() returns the proxy's internal-network address. That is why the reverse proxy replaces X-Forwarded-For with remote_addr, i.e. the real IP address. The x-forwarded-for value read inside the internal network is then the real IP address.
Finally, a complete solution (using Nginx as the example):
Java part (from a foreign friend, Bashan):
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
// Apache Commons Lang 3; in commons-lang 2.x the class is org.apache.commons.lang.text.StrTokenizer
import org.apache.commons.lang3.text.StrTokenizer;

public class IpUtils {
    // One IPv4 octet, 0-255
    public static final String _255 = "(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)";
    public static final Pattern pattern = Pattern.compile("^(?:" + _255 + "\\.){3}" + _255 + "$");

    public static String longToIpV4(long longIp) {
        int octet3 = (int) ((longIp >> 24) % 256);
        int octet2 = (int) ((longIp >> 16) % 256);
        int octet1 = (int) ((longIp >> 8) % 256);
        int octet0 = (int) ((longIp) % 256);
        return octet3 + "." + octet2 + "." + octet1 + "." + octet0;
    }

    public static long ipV4ToLong(String ip) {
        String[] octets = ip.split("\\.");
        return (Long.parseLong(octets[0]) << 24) + (Integer.parseInt(octets[1]) << 16)
                + (Integer.parseInt(octets[2]) << 8) + Integer.parseInt(octets[3]);
    }

    // True for the private ranges 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16
    public static boolean isIPv4Private(String ip) {
        long longIp = ipV4ToLong(ip);
        return (longIp >= ipV4ToLong("10.0.0.0") && longIp <= ipV4ToLong("10.255.255.255"))
                || (longIp >= ipV4ToLong("172.16.0.0") && longIp <= ipV4ToLong("172.31.255.255"))
                || longIp >= ipV4ToLong("192.168.0.0") && longIp <= ipV4ToLong("192.168.255.255");
    }

    public static boolean isIPv4Valid(String ip) {
        return pattern.matcher(ip).matches();
    }

    // Returns the first valid, non-private address in x-forwarded-for,
    // or the TCP peer address if the header yields none
    public static String getIpFromRequest(HttpServletRequest request) {
        String ip;
        boolean found = false;
        if ((ip = request.getHeader("x-forwarded-for")) != null) {
            StrTokenizer tokenizer = new StrTokenizer(ip, ",");
            while (tokenizer.hasNext()) {
                ip = tokenizer.nextToken().trim();
                if (isIPv4Valid(ip) && !isIPv4Private(ip)) {
                    found = true;
                    break;
                }
            }
        }
        if (!found) {
            ip = request.getRemoteAddr();
        }
        return ip;
    }

}
The Nginx portion (shadow from trace):
location ~ ^/static {
    proxy_pass ....;
    proxy_set_header X-Forwarded-For $remote_addr;
}
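
An added example, not part of the original post or of Bashan's code: getIpFromRequest accepts X-Forwarded-For from whoever connects, so it is only safe when every request really passes through the Nginx that overwrites the header. The code below makes that condition explicit by honouring the header only when the TCP peer is a known proxy and by reading the chain from the right. The class name, TRUSTED_PROXIES and all addresses are constructed assumptions, and the third case assumes a proxy that appends to the header (Nginx's $proxy_add_x_forwarded_for) instead of overwriting it.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Pattern;

public class TrustedProxyIp {
    private static final String OCTET = "(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)";
    private static final Pattern IPV4 =
            Pattern.compile("^(?:" + OCTET + "\\.){3}" + OCTET + "$");

    // Assumption: addresses of our own reverse proxies (constructed values).
    static final Set<String> TRUSTED_PROXIES =
            new HashSet<>(Arrays.asList("10.0.0.5", "10.0.0.6"));

    /** remoteAddr is request.getRemoteAddr(); xff is the raw X-Forwarded-For value. */
    static String resolveClientIp(String remoteAddr, String xff) {
        // The header only means something if the TCP peer is one of our proxies.
        if (xff == null || !TRUSTED_PROXIES.contains(remoteAddr)) {
            return remoteAddr;
        }
        String[] hops = xff.split(",");
        // Walk right to left: entries on the right were written by hops closer to us.
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!IPV4.matcher(hop).matches()) {
                break; // malformed entry: stop trusting the rest of the chain
            }
            if (!TRUSTED_PROXIES.contains(hop)) {
                return hop; // first address not written on behalf of our own proxies
            }
        }
        return remoteAddr; // nothing usable in the header, fall back to the peer
    }

    public static void main(String[] args) {
        // Direct connection carrying a forged header: the header is ignored.
        System.out.println(resolveClientIp("198.51.100.9", "1.2.3.4"));
        // Through the proxy, header overwritten with $remote_addr as in the Nginx part.
        System.out.println(resolveClientIp("10.0.0.5", "203.0.113.7"));
        // Through an appending proxy: the forged left-most entry is never reached.
        System.out.println(resolveClientIp("10.0.0.5", "1.2.3.4, 203.0.113.7"));
    }
}
```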

Origin www.cnblogs.com/EarlyBridVic/p/12100000.html