Using httprequest to get user’s real IP address in Java

Time:2020-7-20

In JSP, the method to obtain the client’s IP address is as follows: request.getRemoteAddr This method is effective in most cases. But through Apache, squid, nginx and other reverse proxy software, we can’t get the real IP address of the client.

If reverse proxy software is used, the http://192.168.1.110 The URL reverse proxy for: 2046 / is// www.jb51.net /When the URL of the request.getRemoteAddr The IP address obtained by () method is 127.0.0.1 or 192.168.1.110, which is not the real IP address of the client.

After the proxy, because of the middle layer between the client and the service, the server can’t get the client’s IP directly, and the server-side application can’t directly return the request address to the client. However, x-forward-for information is added to the HTTP header of forwarding request. It is used to track the original client IP address and the server address requested by the original client. When we visit// www.jb51.net / index.jsp/ In fact, it is not our browser that actually accesses the server index.jsp The file is accessed by the proxy server first http://192.168.1.110 :2046/ index.jsp The proxy server will return the result to our browser because it is the proxy server to access index.jsp Yes, so index.jsp Through the request.getRemoteAddr The IP address obtained by () is actually the address of the proxy server, not the IP address of the client.

package com.rapido.utils; 
 
import javax.servlet.http.HttpServletRequest; 
 
/** 
 *Custom access object tool class 
 * 
 *Get the IP address and other information of the object 
 * @author X-rapido 
 * 
 */ 
public class CusAccessObjectUtil { 
 
  /** 
   *Get the user's real IP address, do not use request.getRemoteAddr (); the reason is that the user may use proxy software to avoid the real IP address, 
   * 
   *However, if the multi-level reverse proxy is passed, the value of x-forward-for is not one, but a series of IP values. Which is the real IP of the client? 
   *The answer is to take the first valid IP string that is not unknown in x-forward-for. 
   * 
   *For example: x-forward-for: 192.168.1.110, 192.168.1.120, 192.168.1.130, 
   * 192.168.1.100 
   * 
   *The real IP address of the user is 192.168.1.110 
   * 
   * @param request 
   * @return 
   */ 
  public static String getIpAddress(HttpServletRequest request) { 
    String ip = request.getHeader("x-forwarded-for"); 
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { 
      ip = request.getHeader("Proxy-Client-IP"); 
    } 
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { 
      ip = request.getHeader("WL-Proxy-Client-IP"); 
    } 
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { 
      ip = request.getHeader("HTTP_CLIENT_IP"); 
    } 
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { 
      ip = request.getHeader("HTTP_X_FORWARDED_FOR"); 
    } 
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { 
      ip = request.getRemoteAddr(); 
    } 
    return ip; 
  } 
   
}