获取用户真实IP地址,不直接使用request.getRemoteAddr();的原因是有可能用户使用了代理软件方式避免真实IP地址,可是,如果通过了多级反向代理的话,x-forwarded-for的值并不止一个,而是一串IP值,究竟哪个才是真正的用户端的真实IP呢?答案是取x-forwarded-for中第一个非unknown的有效IP字符串。
public static String getClientIP(HttpServletRequest request) {
String ip = request.getHeader("x-forwarded-for");
if ((ip == null) || (ip.length() == 0) || ("unknown".equalsIgnoreCase(ip))) {
ip = request.getHeader("Proxy-Client-IP");
}
if ((ip == null) || (ip.length() == 0) || ("unknown".equalsIgnoreCase(ip))) {
ip = request.getHeader("WL-Proxy-Client-IP");
}
if ((ip == null) || (ip.length() == 0) || ("unknown".equalsIgnoreCase(ip))) {
ip = request.getRemoteAddr();
if (ip.equals("127.0.0.1") || ip.equals("0:0:0:0:0:0:0:1")) {
try {
// 根据网卡取本机配置的IP
InetAddress inetAddress = InetAddress.getLocalHost();
ip = inetAddress.getHostAddress();
} catch (Exception e) {
e.printStackTrace();
}
}
}
// 如果多个IP取第一个
if (ip != null && ip.contains(",")) {
String[] ips = ip.split(",");
ip = ips[0];
}
return ip;
}
public static String getClientIP(ServerHttpRequest request) {
HttpHeaders headers = request.getHeaders();
String ip = headers.getFirst("x-forwarded-for");
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = headers.getFirst("Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = headers.getFirst("WL-Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = Optional.ofNullable(request.getRemoteAddress()).map(address -> address.getAddress().getHostAddress())
.orElse("");
if ("127.0.0.1".equals(ip) || "0:0:0:0:0:0:0:1".equals(ip)) {
// 根据网卡取本机配置的IP
try {
InetAddress inet = InetAddress.getLocalHost();
ip = inet.getHostAddress();
} catch (UnknownHostException e) {
e.printStackTrace();
}
}
}
// 对于通过多个代理的情况,第一个IP为客户端真实IP,多个IP按照','分割
if (ip != null && ip.contains(",")) {
String[] ips = ip.split(",");
ip = ips[0];
}
return ip;
}