本文基于方法 HttpServletRequest.getHeader 和 HttpServletRequest.getRemoteAddr 介绍如何在服务器端获取客户端真实IP地址。
服务器端接收客户端请求的时候,一般需要进行签名验证,客户端IP限定等拦截,在进行IP限定的时候就需要获取客户端真实的IP。
request.getHeader("x-forwarded-for") : 10.47.103.13,4.2.2.2,10.96.112.230
request.getHeader("X-Real-IP") : 10.47.103.13
request.getRemoteAddr():10.96.112.230
客户端访问经过转发,IP将会追加在其后并以逗号隔开。最终准确的客户端信息为:
源码:
/**
* 获取客户端的IP地址<br/>
* 注意本地测试访问项目地址时,浏览器请求不要用 localhost,请用本机IP;否则,取不到 IP
*
* @author east7
* @date 2019年12月03日
* @return String 真实IP地址
*/
public static String getClientIpAddress(HttpServletRequest request) {
// 获取请求主机IP地址,如果通过代理进来,则透过防火墙获取真实IP地址
String headerName = "x-forwarded-for";
String ip = request.getHeader(headerName);
if (null != ip && ip.length() != 0 && !"unknown".equalsIgnoreCase(ip)) {
// 多次反向代理后会有多个IP值,第一个IP才是真实IP,它们按照英文逗号‘,‘分割
if (ip.indexOf(",") != -1) {
ip = ip.split(",")[0];
}
}
if (checkIp(ip)) {
headerName = "Proxy-Client-IP";
ip = request.getHeader(headerName);
}
if (checkIp(ip)) {
headerName = "WL-Proxy-Client-IP";
ip = request.getHeader(headerName);
}
if (checkIp(ip)) {
headerName = "HTTP_CLIENT_IP";
ip = request.getHeader(headerName);
}
if (checkIp(ip)) {
headerName = "HTTP_X_FORWARDED_FOR";
ip = request.getHeader(headerName);
}
if (checkIp(ip)) {
headerName = "X-Real-IP";
ip = request.getHeader(headerName);
}
if (checkIp(ip)) {
headerName = "remote addr";
ip = request.getRemoteAddr();
// 127.0.0.1 ipv4, 0:0:0:0:0:0:0:1 ipv6
if ("127.0.0.1".equals(ip) || "0:0:0:0:0:0:0:1".equals(ip)) {
//根据网卡取本机配置的IP
InetAddress inet = null;
try {
inet = InetAddress.getLocalHost();
} catch (UnknownHostException e) {
e.printStackTrace();
}
ip = inet.getHostAddress();
}
}
logger.info("getClientIp IP is " + ip + ", headerName = " + headerName);
return ip;
}
private static boolean checkIp(String ip) {
if (null == ip || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
return true;
}
return false;
}
原文:https://www.cnblogs.com/east7/p/11985612.html