In JSP, the client's IP address is obtained with request.getRemoteAddr(), which is valid in most cases. However, once the request has passed through Apache, Squid or other reverse proxy software, this no longer returns the real IP address of the client. If reverse proxy software is used, the IP address returned by request.getRemoteAddr() is 127.0.0.1 or 192.168.1.110, not the real IP of the client.
With a proxy in place, an intermediate layer sits between the client and the service, so the server cannot obtain the client's IP directly, and the server-side application cannot reply directly to the client through the forwarding address. However, an X-Forwarded-For field is added to the HTTP headers of the forwarded request. It is used to track the original client IP address and the server address requested by the original client. When we access index.jsp, our browser does not actually access the index.jsp file on the server. Instead, the proxy server accesses index.jsp first and then returns the result to our browser. Because it is the proxy server that accesses index.jsp, the IP returned by request.getRemoteAddr() in index.jsp is the address of the proxy server, not the IP address of the client.
This gives a first method of obtaining the real IP address of the client:
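
    import javax.servlet.http.HttpServletRequest;

    public String getRemortIP(HttpServletRequest request) {
        // No X-Forwarded-For header: fall back to the address of the direct peer
        if (request.getHeader("x-forwarded-for") == null) {
            return request.getRemoteAddr();
        }
        // Otherwise return the header value as forwarded by the proxy
        return request.getHeader("x-forwarded-for");
    }

Method 2 to obtain the real IP address of the client: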

    import javax.servlet.http.HttpServletRequest;

    public String getIpAddr(HttpServletRequest request) {
        // Try the standard proxy header first
        String ip = request.getHeader("x-forwarded-for");
        // Fall back to the other proxy headers when the value is missing or "unknown"
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("Proxy-Client-IP");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("WL-Proxy-Client-IP");
        }
        // No usable header: use the address of the direct peer
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getRemoteAddr();
        }
        return ip;
    }

However, if the request passes through multiple levels of reverse proxy, X-Forwarded-For contains not one value but a series of IP values. Which one is the real IP of the user?
The answer is to take the first valid IP string in X-Forwarded-For that is not "unknown". For example:
X-Forwarded-For: 192.168.1.110, 192.168.1.120, 192.168.1.130, 192.168.1.100
The user's real IP is: 192.168.1.110
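
The multi-level case above, as an added example that is not code from the original page: each proxy appends the address of the peer it received the request from, and anything to the left of the hops written by your own proxies arrives with the client's request, so this version reads the header only when the direct peer is a known proxy and walks the list from the right. The class name, the TRUSTED_PROXIES set (built from the page's sample addresses) and the sample inputs in main are assumptions made for illustration.

```java
import java.util.Set;

// Added example: resolve the client IP from X-Forwarded-For while trusting
// only the hops appended by reverse proxies we operate ourselves.
public class ClientIpResolver {

    // Assumption: the proxies in the page's sample chain are the ones we run.
    static final Set<String> TRUSTED_PROXIES =
            Set.of("127.0.0.1", "192.168.1.120", "192.168.1.130", "192.168.1.100");

    /**
     * @param remoteAddr   value of request.getRemoteAddr() (the direct TCP peer)
     * @param forwardedFor value of request.getHeader("X-Forwarded-For"), may be null
     */
    static String resolve(String remoteAddr, String forwardedFor) {
        // A peer that is not one of our proxies controls the whole header: ignore it.
        if (forwardedFor == null || !TRUSTED_PROXIES.contains(remoteAddr)) {
            return remoteAddr;
        }
        String[] hops = forwardedFor.split(",");
        // Walk from the right: the rightmost entries were written by our proxies.
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (hop.isEmpty() || "unknown".equalsIgnoreCase(hop)) {
                break; // cannot see past this hop, so nothing further left is reliable
            }
            if (!TRUSTED_PROXIES.contains(hop)) {
                return hop; // first address that is not ours: the peer our outermost proxy saw
            }
        }
        return remoteAddr; // the header held only our own proxies or an unusable hop
    }

    public static void main(String[] args) {
        // Constructed sample inputs; 203.0.113.7 is a documentation address.
        String pageChain = "192.168.1.110, 192.168.1.120, 192.168.1.130, 192.168.1.100";
        // The page's header, received from the last proxy in the chain
        System.out.println(resolve("127.0.0.1", pageChain));
        // Same chain with an extra leading entry that came in with the client's request
        System.out.println(resolve("127.0.0.1", "203.0.113.7, " + pageChain));
        // Header received from a peer that is not one of our proxies
        System.out.println(resolve("198.51.100.23", "192.168.1.110"));
    }
}
```

In a servlet or JSP, call it as ClientIpResolver.resolve(request.getRemoteAddr(), request.getHeader("X-Forwarded-For")).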