在使用Nginx或Apache等代理的情况下,需要Nginx或Apache代替客户端去访问服务器。当请求包经过反向代理后,在代理服务器这里这个IP数据包的IP包头做了修改,最终后端WEB服务器得到的数据包的头部源IP地址是代理服务器的IP地址。这样一来,后端服务器的程序就无法获取用户的真实ip。
1.nginx中配置
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-Port $remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
2.Apache有代理的情况
vi /usr/local/apache/conf/httpd.conf
Include conf/extra/httpd-remoteip.conf
vi /usr/local/apache/conf/extra/httpd-remoteip.conf
LoadModule remoteip_module modules/mod_remoteip.so
RemoteIPHeader X-Forwarded-For
RemoteIPinternalProxy 127.0.0.1
X-Real-IP 真实请求IP【Nginx中设置】
X-Forwarded-For IP链,真实IP + , + 代理IP1.... + , + 代理IPN
request.getRemoteAddr() 获取真实IP/代理IP(用户使用代理软件时无法获取真实IP)
3. 真实IP获取工具类
import javax.servlet.http.HttpServletRequest;
import java.net.InetAddress;
import java.net.UnknownHostException;
public class IPUtil {
/**
* 真是请求IP
*
* @param request
* @return
*/
public static String getRealRequestIp(HttpServletRequest request) {
String ip = request.getHeader("x-forwarded-for");
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("WL-Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("HTTP_CLIENT_IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("HTTP_X_FORWARDED_FOR");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getRemoteAddr();
}
if (null != ip && ip.contains(",")) {
ip = ip.substring(0, ip.indexOf(","));
}
return ip;
}
}
4.本机IP获取工具类
import javax.servlet.http.HttpServletRequest;
import java.net.InetAddress;
import java.net.UnknownHostException;
public class IPUtil {
/**
* 本机IP
*
* @return
* @throws UnknownHostException
*/
public static String getLocalIp() throws UnknownHostException {
return InetAddress.getLocalHost().getHostAddress();
}
}