apache 在用ProxyPass时会自动在header中设置X-Forwarded-For X-Forwarded-Host和X-Forwarded-Server (http://httpd.apache.org/docs/2.2/mod/mod_proxy.html)
如果tomcat后端不做设置, 在jsp中用out.println("x-forwarded-for:" + request.getHeader("x-forwarded-for") + "<br>");能获取到客户ip,
由于在用nginx做前置代理时为了https也能访问,要让out.println("x-forwarded-proto:" + request.getHeader("x-forwarded-proto") + "<br>");能获取到真实的值需要在tomcat的server.xml
中设置value:
<Valve
className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="x-forwarded-for"
protocolHeader="x-forwarded-proto"
/>
这样设置后的tomcat,用于Apache做前置代理时request.getHeader("x-forwarded-for")获取到null。在https://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/valves/RemoteIpValve.html
中有:
所有在tomcat的server.xml中设置了上述参数后会造成request.getHeader("x-forwarded-for")获取的值为null,但用request.getRemoteAddr()就能获取真实客户ip了。
另外要用request.getHeader("x-forwarded-proto")获取值需要在apache设置中加入RequestHeader set X-Forwarded-Proto "https"(在https的设置中,在http设置中用http)