为什么用户真实IP地址要这样获取?
来源:互联网 发布:csgo皮肤枪大全知乎 编辑:程序博客网 时间:2024/05/17 23:37
最近在网上搜索HttpServletRequest获取用户真实IP地址的代码后发现多数结果如下:
public String getIpAddr(HttpServletRequest request) { String ip = request.getHeader("x-forwarded-for"); if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("Proxy-Client-IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("WL-Proxy-Client-IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getRemoteAddr(); } return ip;}
我知道reqeust.getRemoteAddr(),也知道request.getHeader(String arg0);
但我不知道:
x-forwarded-for 是什么?
Proxy-Client-IP 又是什么?
WL-Proxy-Client-IP ? 这些都是什么?!
我只能从代码里看出他们都是HTTP Headers!
然后我在stackoverflow中看到了这样的提问:
I need to get the IP address of the client in the JSP page. I have tried the following ways:
request.getRemoteAddr();request.getHeader("X_FORWARDED_FOR");request.getHeader("HTTP_CLIENT_IP");request.getHeader("WL-Proxy-Client-IP");request.getHeader("Proxy-Client-IP");request.getHeader("REMOTE_ADDR");ran
看到楼下回答的人都是这么说的:
要么说:Do you use reverse proxy like apache proxy? http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
When acting in a reverse-proxy mode (using the ProxyPass directive, for example), mod_proxy_http adds several request headers in order to pass information to the origin server.
或者:You may not get the real client IP if a the client is behind a proxy, you will get the IP of the proxy and not the client. However, the proxy may include the requesting client IP in a special HTTP header.
再或者:Is your application server behind a load balancer, a proxy or a web server?
后来这位提问者补充道:我没有用任何proxy!
显然下面的回答解决了他的问题,我们先贴在这以便以后查看。
"0:0:0:0:0:0:0:1" is the IPv6 loopback address as defined in RFC 3513.
It appears that your OS and application server are configured to use IPv6 and that you are accessing the page from the local machine.
By the way, calling getRemoteAddress() will not provide you with the IP address of the client. There could be intermediate nodes in the network whose address you might receive. This is especially true of proxies and load-balancers.
回到正题,现在有一些答案了。
看看Wikipedia如何解释 X-Forwarded-For :
The X-Forwarded-For (XFF) HTTP header field is a de facto standard for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer . This is an HTTP request header which was introduced by the Squid caching proxy server's developers. An effort has been started at IETF for standardizing the Forwarded HTTP header.
The general format of the field is:
X-Forwarded-For : client, proxy1, proxy2
至于 WL-Proxy-Client-IP ,我在Oracle论坛看到了这样的对话:
楼主:
Hi all, below is a brief representation of my setup
client -> apache webserver + weblogic http plugin -> weblogic instances
When I do a query of client IP within my application, I am getting the web server's IP address. What configuration and settings do I have to set on my webserver or weblogic in order for me to properly query the client IP ?
最佳回复:
Hi , You may use set 'Weblogic Plug-In Enable' to true to acheive this. When the WebLogic plugin is enabled, a call to getRemoteAddr will return the address of the browser client from the proprietary WL-Proxy-Client-IP header instead of the web server.
Hope this helps :)
Regards.
现在大概明白这些Headers都是什么东西了,Interface ServletRequest的 getRemoteAddr()的解释是这样的:
Returns the Internet Protocol (IP) address of the client or last proxy that sent the request.
所以我们就有了现在的文章顶部写到的HttpServletRequest获取用户真实IP地址的代码。
- 为什么用户真实IP地址要这样获取?
- 获取用户真实IP地址
- 获取用户真实IP地址
- Jsp获取用户真实IP地址
- javaweb_获取用户真实ip地址
- asp.net 获取用户真实IP地址
- PHP获取用户真实IP地址
- php获取用户真实IP地址
- 根据HttpServletRequest获取用户真实IP地址
- 获取用户真实的IP地址
- 根据HttpServletRequest获取用户真实IP地址
- 根据HttpServletRequest获取用户真实IP地址
- PHP获取用户的真实IP地址
- java 获取用户真实ip地址
- PHP获取用户的真实IP地址,非代理IP
- jsp如何获取用户的真实IP地址...
- ASP.NET中获取用户真实IP地址
- 最大限度获取远程用户真实IP地址
- 解除nt kernel&system占用80端口
- linux:死锁形成原因以及四个必要条件,避免死锁的方法
- 【算法 机器学习】MATLAB、R、python三种编程语言实现简单线性回归算法比较
- pentaho各版本下载地址
- java.lang.SecurityException: Permission denied (missing INTERNET permission?) 解决
- 为什么用户真实IP地址要这样获取?
- logback filter NoClassDefFoundError: ch/qos/logback/classic/Leve,org/codehaus/janino/ScriptEvaluator
- 微信公众号上传图片那些问题
- Spark调优之资源调优
- failed to open access log file D:\my11\taotao-manage-web\target\tomcat\logs\access.log
- Android开源项目大集合
- SpringMVC @RequestBody接收Json对象字符串
- HashMap
- Spring Day 1