获取当前访问客户端的真实IP地址（含内网地址）

在JSP里，获取客户端的IP地址的方法是：request.getRemoteAddr()，这种方法在大部分情况下都是有效的。但是在通过了Apache,Squid等反向代理软件就不能获取到客户端的真实IP地址了。如果使用了反向代理软件，用request.getRemoteAddr()方法获取的IP地址是：127.0.0.1或192.168.1.110或公网IP，而并不是客户端的真实ＩＰ。

//获取客户端真实的IP
public String getIRealIPAddr(HttpServletRequest request) {  
String ip = request.getHeader("x-forwarded-for");
  if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip) || "null".equalsIgnoreCase(ip))    {  
    ip = request.getHeader("Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)   || "null".equalsIgnoreCase(ip)) { 
  ip = request.getHeader("WL-Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)    || "null".equalsIgnoreCase(ip)) {
  ip = request.getRemoteAddr();
}
return ip;
}
  
可是，如果通过了多级反向代理的话，X-Forwarded-For的值并不止一个，而是一串IP值，究竟哪个才是真正的用户端的真实IP呢？
　　答案是取X-Forwarded-For中第一个非unknown的有效IP字符串。如：
X-Forwarded-For：192.168.1.110, 192.168.1.120, 192.168.1.130, 192.168.1.100
用户真实IP为： 192.168.1.110


jsp 中 request.getHeader() 相关详细 
 
System.out.println("Protocol: " + request.getProtocol());
System.out.println("Scheme: " + request.getScheme());
System.out.println("Server Name: " + request.getServerName() ); //获得服务器的名字
System.out.println("Server Port: " + request.getServerPort()); //获得服务器的端口号
System.out.println("rotocol: " + request.getProtocol());
System.out.println("Server Info: " + getServletConfig().getServletContext().getServerInfo());
System.out.println("Remote Addr: " + request.getRemoteAddr()); /获得客户端的ip地址
System.out.println("Remote Host: " + request.getRemoteHost()); //获得客户端电脑的名字，若失败，则返回客户端电脑的ip地址
System.out.println("Character Encoding: " + request.getCharacterEncoding());
System.out.println("Content Length: " + request.getContentLength());
System.out.println("Content Type: "+ request.getContentType());
System.out.println("Auth Type: " + request.getAuthType());
System.out.println("HTTP Method: " + request.getMethod()); //获得客户端向服务器端传送数据的方法有get、post、put等类型
System.out.println("ath Info: " + request.getPathInfo());
System.out.println("ath Trans: " + request.getPathTranslated());
System.out.println("Query String: " + request.getQueryString());
System.out.println("Remote User: " + request.getRemoteUser());
System.out.println("Session Id: " + request.getRequestedSessionId());
System.out.println("Request URI: " + request.getRequestURI());//获得发出请求字符串的客户端地址 

System.out.println("Servlet Path: " + request.getServletPath()); //获得客户端所请求的脚本文件的文件路径
System.out.println(request.getHeaderNames()); //返回所有request header的名字，结果集是一个enumeration（枚举）类的实例
System.out.println("Accept: " + request.getHeader("Accept"));
System.out.println("Host: " + request.getHeader("Host"));
System.out.println("Referer : " + request.getHeader("Referer"));
System.out.println("Accept-Language : " + request.getHeader("Accept-Language"));
System.out.println("Accept-Encoding : " + request.getHeader("Accept-Encoding"));
System.out.println("User-Agent : " + request.getHeader("User-Agent")); //返回客户端浏览器的版本号、类型
System.out.println("Connection : " + request.getHeader("Connection"));
System.out.println("Cookie : " + request.getHeader("Cookie"));
System.out.println("Created : " + session.getCreationTime());
System.out.println("LastAccessed : " + session.getLastAccessedTime());

评论

1 楼 it_like 2013-08-26  

请问：
x-forwarded-for 是什么时候加入HTTP头中的，谁哪个应用加进去的，路由吗?