
In JSP, the method for obtaining the client IP is request.getRemoteAddr(). This method works in most cases. However, when the request passes through reverse proxy software such as Apache or Squid, the real IP address of the client cannot be obtained this way.

If reverse proxy software is used to proxy the URL http://192.168.1.110:3306/ to the URL http://www.8888.com/, the IP address returned by request.getRemoteAddr() is 127.0.0.1 or 192.168.1.110, not the client's real IP.

Once a proxy is involved, there is a middle tier between the client and the service, so the server cannot directly obtain the client's IP, and the server-side application cannot reply directly to the client using the address of the forwarded request. However, the proxy adds X-Forwarded-For information to the HTTP header of the forwarded request. It is used to track the original client IP address and the server address requested by the original client.

When we visit http://www.8888.com/index.jsp/, our browser does not actually access the index.jsp file on the server. Instead, the proxy server first accesses http://192.168.1.110:3306/index.jsp and then returns the result to our browser. Because it is the proxy server that accesses index.jsp, the IP obtained by request.getRemoteAddr() in index.jsp is actually the address of the proxy server, not the client's IP address.

Then we can get the first method to obtain the client's real IP address:

public String getRemortIP(HttpServletRequest request)
{
  // No proxy header present: fall back to the address of the direct peer.
  if (request.getHeader("x-forwarded-for") == null)
  {
    return request.getRemoteAddr();
  }
  return request.getHeader("x-forwarded-for");
}

But when I visit http://www.xxx.com/index.jsp/, the returned IP address is always unknown, not 127.0.0.1 or 192.168.1.110 as shown above, while when I visit http://192.168.1.110:3306/index.jsp it returns the real IP address of the client, and I wrote a method to verify this. The reason is Squid. In the squid.conf configuration file, forwarded_for is on by default. If forwarded_for is set to off, then: X-Forwarded-For: unknown

Then we can get the second method to obtain the real IP address of the client:

public String getIpAddr(HttpServletRequest request)
{
  // Try each proxy header in turn; treat a missing, empty or "unknown" value as absent.
  String ip = request.getHeader("x-forwarded-for");
  if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip))
  {
    ip = request.getHeader("proxy-client-ip");
  }
  if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip))
  {
    ip = request.getHeader("wl-proxy-client-ip");
  }
  if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip))
  {
    // No usable header: fall back to the address of the direct peer.
    ip = request.getRemoteAddr();
  }
  return ip;
}

However, if the request passes through multiple levels of reverse proxy, X-Forwarded-For has more than one value: it is a comma-separated string of IP values. Which one is the real IP of the real client?

The answer is: take the first non-unknown valid IP string in X-Forwarded-For.

For example: X-Forwarded-For: 192.168.1.110, 192.168.1.120, 192.168.1.130, 192.168.1.100

The real user IP is: 192.168.1.110

Both of the above methods are feasible. Never use the request.getRemoteAddr() method to get the client IP; this method is not ideal.
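An added example, not code from the original article: because X-Forwarded-For is an ordinary request header that any client can set, this version honours it only when the request arrived from a known proxy and reads the list from the right, skipping the site's own proxies, so on the sample header above it still returns 192.168.1.110. It goes beyond the page's first-value rule. The class name ClientIpResolver, the trustedProxies set and the sample addresses are assumptions made for the illustration.

```java
import java.util.Set;
import java.util.regex.Pattern;

public class ClientIpResolver {
    private static final String OCTET = "(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)";
    // IPv4 literals only (assumption for this example: no IPv6 clients).
    private static final Pattern IPV4 = Pattern.compile(OCTET + "(\\." + OCTET + "){3}");

    /**
     * @param remoteAddr     request.getRemoteAddr(): the peer that opened the connection
     * @param xff            request.getHeader("x-forwarded-for"), may be null
     * @param trustedProxies addresses of our own reverse proxies (assumed known)
     */
    public static String resolve(String remoteAddr, String xff, Set<String> trustedProxies) {
        // Anyone can send this header, so honour it only when our proxy delivered the request.
        if (xff == null || !trustedProxies.contains(remoteAddr)) {
            return remoteAddr;
        }
        String[] hops = xff.split(",");
        // Each proxy appends the address it saw, so read from the right:
        // entries written by our proxies come last, client-supplied ones first.
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (trustedProxies.contains(hop)) {
                continue; // one of our own proxies, keep walking towards the client
            }
            // First hop that is not ours: accept it only if it is an address,
            // so "unknown" (Squid with forwarded_for off) falls back to remoteAddr.
            return IPV4.matcher(hop).matches() ? hop : remoteAddr;
        }
        return remoteAddr;
    }

    public static void main(String[] args) {
        // Constructed sample data: proxy addresses and headers are made up for the demo.
        Set<String> proxies = Set.of("127.0.0.1", "192.168.1.120", "192.168.1.130", "192.168.1.100");
        String[][] cases = {
            {"127.0.0.1", "192.168.1.110, 192.168.1.120, 192.168.1.130, 192.168.1.100"},
            {"127.0.0.1", "unknown"},
            {"127.0.0.1", "198.51.100.7, 203.0.113.9"},   // left value was sent by the client
            {"203.0.113.9", "198.51.100.7"},              // direct connection, header ignored
        };
        for (String[] c : cases) {
            System.out.println(c[0] + " | " + c[1] + " -> " + resolve(c[0], c[1], proxies));
        }
    }
}
```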
