How to get the real IP address of the client in Java

In JSP, the method to obtain the client's IP address is: request.getRemoteAddr(). This method is effective in most cases. However, the real IP address of the client cannot be obtained through reverse proxy software such as Apache and Squid.

If reverse proxy software is used to reverse proxy the URL of http://192.168.1.110:2046/ to the URL of http://www.javapeixun.com.cn/, use request. The IP address obtained by the getRemoteAddr() method is: 127.0.0.1 or 192.168.1.110, not the real IP of the client.

After proxying, due to the addition of an intermediate layer between the client and the service, the server cannot directly obtain the client's IP, and the server-side application cannot directly return the address to the client by forwarding the request. However, X-FORWARDED-FOR information is added to the HTTP header information of the forwarded request. Used to track the original client IP address and the server address requested by the original client. When we visit http://www.javapeixun.com.cn /index.jsp/, in fact, it is not our browser that actually accesses the index.jsp file on the server, but the proxy server first accesses http:// 192.168.1.110: 2046/index.jsp, the proxy server returns the accessed results to our browser. Because it is the proxy server that accesses index.jsp, index.jsp is obtained through the request.getRemoteAddr() method. The IP is actually the address of the proxy server, not the client's IP address.

So we can get the first method to get the real IP address of the client:

public String getRemortIP(HttpServletRequest request) {   if (request.getHeader("x-forwarded-for") == null) {    return request.getRemoteAddr();   }   return request.getHeader("x-forwarded-for");  }

But when I visit http://www.5a520.cn /index.jsp /, the returned IP address is always unknown, and it is not 127.0.0.1 or 192.168.1.110 as shown above. When I visit http://192.168.1.110:2046/index.jsp, the client's IP address can be returned. I wrote a method to verify the real IP address. The reason lies in Squid. The forwarded_for item in the configuration file of squid.conf is on by default. If forwarded_for is set to off, then: ：

public String getIpAddr(HttpServletRequest request) {        String ip = request.getHeader("x-forwarded-for");        if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {            ip = request.getHeader("Proxy-Client-IP");        }        if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {            ip = request.getHeader("WL-Proxy-Client-IP");        }        if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {            ip = request.getRemoteAddr();        }        return ip;    }

However, if a multi-level reverse proxy is passed, the value of X-Forwarded-For is not just one, but a series of IP values. Which one is the real user end? What about IP? The answer is to take the first non-unknown valid IP string in X-Forwarded-For.

For example:

The above is the detailed content of How to get the real IP address of the client in Java. For more information, please follow other related articles on the PHP Chinese website!