How do I get the remote address of a client in servlet?
Is there any way that I could get the original IP address of the client coming to the server?
I can use request.getRemoteAddr(), but I always seem to get the IP
-
request.getRemoteAddr()is the way. It appears your proxy changes the source IP. When some proxies do that they add the original IP in some custom http header. Userequest.getHeaderNames()andrequest.getHeaders(name)and print all of them to see if there isn't anything of interest. LikeX-CLIENT-IP(made that one up, but they look like this)讨论(0) -
Why don't use a more elegant solution like this?
private static final List<String> IP_HEADERS = Arrays.asList("X-Forwarded-For", "Proxy-Client-IP", "WL-Proxy-Client-IP", "HTTP_CLIENT_IP", "HTTP_X_FORWARDED_FOR"); public static String getClientIpAddr(HttpServletRequest request) { return IP_HEADERS.stream() .map(request::getHeader) .filter(Objects::nonNull) .filter(ip -> !ip.isEmpty() && !ip.equalsIgnoreCase("unknown")) .findFirst() .orElseGet(request::getRemoteAddr); }Deduplicate your code!
讨论(0) -
Why I think we should try to get IP from header '
X-Forwarded-For' first? If you get fromrequest.getRemoteAddr(), it could be client's real ip or last proxy's ip which forwards the request. Thus we can't tell which condition it belongs to. However, if 'X-Forwarded-For' is set into the header, client ip is bound to be the left-most part of what you get from it./** * Try to get real ip from request: * <ul> * <li>try X-Forwarded-For</li> * <li>try remote address</li> * </ul> * * @param request request * @return real ip or "" */ private String tryGetRealIp(HttpServletRequest request) { // X-Forwarded-For: <client>, <proxy1>, <proxy2> // If a request goes through multiple proxies, the IP addresses of each successive proxy is listed. // This means, the right-most IP address is the IP address of the most recent proxy and // the left-most IP address is the IP address of the originating client. String forwards = request.getHeader("X-Forwarded-For"); if (StringUtils.isNotBlank(forwards)) { // The left-most IP must be client ip String ip = StringUtils.substringBefore(forwards, ","); return ip; } else if (StringUtils.isNotBlank(request.getRemoteAddr())) { // this could be real client ip or last proxy ip which forwards the request return request.getRemoteAddr(); } return ""; }讨论(0) -
try this:
public static String getClientIpAddr(HttpServletRequest request) { String ip = request.getHeader("X-Forwarded-For"); if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("Proxy-Client-IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("WL-Proxy-Client-IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("HTTP_CLIENT_IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("HTTP_X_FORWARDED_FOR"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getRemoteAddr(); } return ip; }讨论(0) -
"x-forwarded-for" request header contains the original client IP if using a proxy or a load balancer. But I think not all proxies/lb adds this header.
Here some java code to parse the header: http://www.codereye.com/2010/01/get-real-ip-from-request-in-java.html
If this header is not present then I would proceed as @Bozho suggests
讨论(0) -
The best solution I've ever used
public String getIpAddr(HttpServletRequest request) { String ip = request.getHeader("x-forwarded-for"); if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("Proxy-Client-IP"); } if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("WL-Proxy-Client-IP"); } if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getRemoteAddr(); } return ip; }讨论(0)
加载中...
- 热议问题