Java uses HttpRequest to get the user's real IP address

  • 2021-06-28 13:38:10
  • OfStack

In JSP, the method for getting the client's IP address is request.getRemoteAddr(), which works in most cases. However, when the request passes through reverse proxy software such as Apache, Squid, or nginx, the client's real IP address cannot be obtained this way.

If reverse proxy software is used, for example when the backend URL http://192.168.1.110:2046/URL is published through the reverse proxy as https://www.ofstack.com/URL, the IP address returned by request.getRemoteAddr() is 127.0.0.1 or 192.168.1.110, which is not the client's real IP.

After proxying, there is an intermediate layer between the client and the service, so the server cannot get the client's IP directly, and the server-side application cannot return a response to the client directly using the address of the forwarded request. However, X-FORWARDED-FOR information is added to the HTTP headers of the forwarded request. It is used to track the original client IP address and the server address the original client requested.

When we visit https://www.ofstack.com/index.jsp, our browser does not actually access the index.jsp file on the server. Instead, the proxy server first accesses http://192.168.1.110:2046/index.jsp and then returns the result to our browser. Because it is the proxy server that accesses index.jsp, the IP obtained by request.getRemoteAddr() in index.jsp is actually the address of the proxy server, not the IP address of the client.


package com.rapido.utils;

import javax.servlet.http.HttpServletRequest;

/**
 * Custom access-object utility class.
 *
 * Gets the IP address and other information about the requesting client.
 * @author X-rapido
 *
 */
public class CusAccessObjectUtil {

  /**
   * Gets the user's real IP address. request.getRemoteAddr() is not used on its own because
   * the user may be behind proxy software, in which case it returns the proxy's address.
   *
   * If the request passed through multiple levels of reverse proxy, X-Forwarded-For holds
   * more than one IP value. Which one is the real client IP?
   * The answer is the first valid IP string in X-Forwarded-For that is not "unknown".
   *
   * For example: X-Forwarded-For: 192.168.1.110, 192.168.1.120, 192.168.1.130,
   * 192.168.1.100
   *
   * The user's real IP is: 192.168.1.110
   *
   * Note: all of these headers are supplied with the request, so the result is only
   * reliable when the application can be reached solely through the reverse proxy.
   *
   * @param request the incoming servlet request
   * @return the client IP taken from the proxy headers, or request.getRemoteAddr() if none is set
   */
  public static String getIpAddress(HttpServletRequest request) {
    String ip = firstValid(request.getHeader("x-forwarded-for"));
    if (ip == null) {
      ip = firstValid(request.getHeader("Proxy-Client-IP"));
    }
    if (ip == null) {
      ip = firstValid(request.getHeader("WL-Proxy-Client-IP"));
    }
    if (ip == null) {
      ip = firstValid(request.getHeader("HTTP_CLIENT_IP"));
    }
    if (ip == null) {
      ip = firstValid(request.getHeader("HTTP_X_FORWARDED_FOR"));
    }
    if (ip == null) {
      ip = request.getRemoteAddr();
    }
    return ip;
  }

  /**
   * Returns the first entry of a comma-separated header value that is neither
   * empty nor "unknown", or null if the header is absent or has no such entry.
   */
  private static String firstValid(String header) {
    if (header == null) {
      return null;
    }
    for (String part : header.split(",")) {
      String candidate = part.trim();
      if (candidate.length() != 0 && !"unknown".equalsIgnoreCase(candidate)) {
        return candidate;
      }
    }
    return null;
  }

}
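
The utility above accepts X-Forwarded-For as sent, and the leftmost entry of that header is a value the client can set itself. Where the address feeds an access-control, rate-limiting or audit decision, a stricter variant honours the header only when the direct peer is a known proxy and reads the chain from right to left. This is an added example, not code from the original article; the class name TrustedProxyClientIp, the TRUSTED_PROXIES set and the sample addresses are assumptions for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Added example: resolve the client address by trusting only known proxies.
public class TrustedProxyClientIp {

  // Assumption: addresses of the reverse proxies deployed in front of the application.
  static final Set<String> TRUSTED_PROXIES =
      new HashSet<>(Arrays.asList("127.0.0.1", "192.168.1.110"));

  // remoteAddr is the TCP peer (request.getRemoteAddr());
  // xff is the raw X-Forwarded-For header value, or null if absent.
  static String resolve(String remoteAddr, String xff) {
    // Ignore the header unless the direct peer is one of our own proxies.
    if (xff == null || !TRUSTED_PROXIES.contains(remoteAddr)) {
      return remoteAddr;
    }
    List<String> hops = new ArrayList<>();
    for (String part : xff.split(",")) {
      String hop = part.trim();
      if (!hop.isEmpty() && !"unknown".equalsIgnoreCase(hop)) {
        hops.add(hop);
      }
    }
    // Each proxy appends the peer it saw, so walk from the right and
    // return the first address that is not one of our proxies.
    for (int i = hops.size() - 1; i >= 0; i--) {
      if (!TRUSTED_PROXIES.contains(hops.get(i))) {
        return hops.get(i);
      }
    }
    return remoteAddr; // every listed hop was a trusted proxy
  }

  public static void main(String[] args) {
    // Constructed inputs, not captured traffic.
    // The proxy appended the peer address it saw.
    System.out.println(resolve("192.168.1.110", "203.0.113.7"));
    // The client sent its own header value; the proxy appended the real peer after it.
    System.out.println(resolve("192.168.1.110", "10.0.0.1, 203.0.113.7"));
    // Connection that did not come through a trusted proxy: the header is ignored.
    System.out.println(resolve("198.51.100.9", "10.0.0.1"));
  }
}
```

In a servlet, pass request.getRemoteAddr() and request.getHeader("X-Forwarded-For") as the two arguments.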

