Java Interview-How to get the client's real IP

When developing some small games, one of the functions we often pay attention to is sharing. For sharing, we hope to have different sharing texts according to different cities or regions. If the function of identifying regions is completed by the server, we need to know the real IP of the client. Today we will see how the server obtains the real IP of the client.

[[280536]]

nginx configuration

First of all, a request can be divided into a request header and a request body, and the IP address information of our client is generally stored in the request header. If your server uses Nginx for load balancing, you need to configure the X-Real-IP and X-Forwarded-For request headers in your location:

 location ^~ /your-service/ {
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_pass http://localhost:60000/your-service/;
 }

1. X-Real-IP

In "Practical nginx", there is such a sentence:

This means that when you use nginx reverse server, you use request.getRemoteAddr() (essentially to get $remote_addr) on the web side, and you get the address of nginx, that is, the $remote_addr variable encapsulates the address of nginx, and of course you can't get the real IP of the user. However, nginx can get the real IP of the user, that is, when nginx uses the $remote_addr variable, it gets the real IP of the user. If we want to get the real IP of the user on the web side, we must make an assignment operation in nginx, that is, my configuration above:

 proxy_set_header X-Real-IP $remote_addr;

2. X-Forwarded-For

X-Forwarded-For variable, this is a non-RFC standard developed by squid to identify the client address connected to the web server through the original IP of HTTP proxy or load balancer. If X-Forwarded-For is set, there will be a record every time it is forwarded by proxy. The format is client1, proxy1, proxy2, separated by commas. Since it is a non-RFC standard, it is not available by default and needs to be added by force. By default, for requests forwarded by proxy, the remote address is the ip of the proxy end in the backend. That is to say, by default, we cannot get the user's ip using request.getAttribute("X-Forwarded-For"), if we want to get the user's ip through this variable, we need to add the configuration in nginx ourselves:

 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

It means adding a $proxy_add_x_forwarded_for to X-Forwarded-For. Note that it is adding, not overwriting. Of course, since the default X-Forwarded-For value is empty, we always feel that the value of X-Forwarded-For is equal to the value of $proxy_add_x_forwarded_for. In fact, when you build two nginx on different IPs and use this configuration, you will find that the client IP and the first nginx IP will be obtained through request.getAttribute("X-Forwarded-For") on the web server side.

3. So what is $proxy_add_x_forwarded_for?

The $proxy_add_x_forwarded_for variable contains the X-Forwarded-For and $remote_addr parts of the client request header, separated by commas.

For example, there is a web application that is forwarded by two nginx servers before it, that is, users access the web through two nginx servers.

In the first nginx, use:

 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

Now the X-Forwarded-For part of the $proxy_add_x_forwarded_for variable is empty, so there is only $remote_addr, and the value of $remote_addr is the user's IP address. Therefore, after the assignment, the value of the X-Forwarded-For variable is the user's real IP address.

On the second nginx, use:

 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

Now the $proxy_add_x_forwarded_for variable, the X-Forwarded-For part contains the user's real IP, and the value of the $remote_addr part is the IP address of the previous nginx. Therefore, after this assignment, the current value of X-Forwarded-For becomes "the user's real IP, the IP of the first nginx", which is clear now.

Get the real IP address of the server

The code is:

 public static String getIpAddress(HttpServletRequest request) {
 String Xip = request .getHeader("X-Real-IP");
 String XFor = request .getHeader("X-Forwarded-For");
 if (!Strings.isNullOrEmpty(XFor) && !"unKnown".equalsIgnoreCase(XFor)) {
 //After multiple reverse proxies, there will be multiple IP values, the first IP is the real IP
 int index = XFor .indexOf(",");
 if (index != -1) {
 return XFor.substring(0, index);
 } else {
 return XFor;
 }
 }
 XFor = Xip ;
 if (!Strings.isNullOrEmpty(XFor) && !"unKnown".equalsIgnoreCase(XFor)) {
 return XFor;
 }
 if (Strings.nullToEmpty(XFor).trim().isEmpty() || "unknown".equalsIgnoreCase(XFor)) {
 XFor = request .getHeader("Proxy-Client-IP");
 }
 if (Strings.nullToEmpty(XFor).trim().isEmpty() || "unknown".equalsIgnoreCase(XFor)) {
 XFor = request .getHeader("WL-Proxy-Client-IP");
 }
 if (Strings.nullToEmpty(XFor).trim().isEmpty() || "unknown".equalsIgnoreCase(XFor)) {
 XFor = request .getHeader("HTTP_CLIENT_IP");
 }
 if (Strings.nullToEmpty(XFor).trim().isEmpty() || "unknown".equalsIgnoreCase(XFor)) {
 XFor = request .getHeader("HTTP_X_FORWARDED_FOR");
 }
 if (Strings.nullToEmpty(XFor).trim().isEmpty() || "unknown".equalsIgnoreCase(XFor)) {
 XFor = request .getRemoteAddr();
 }
 return XFor;
 }

Let's take a look at the meaning of each request header:

• X-Real-IP: The nginx proxy usually adds this request header.
• X-FORWARDED-FOR: This is a field developed by Squid. It is added only when passing through an HTTP proxy or load balancing server.
• Proxy-Client-IP and WL-Proxy-Client-IP: This is usually only available for requests through the Apache http server. When using Apache http as a proxy, a Proxy-Client-IP request header is usually added, and WL-Proxy-Client-IP is a header added by its WebLogic plug-in.

HTTPCLIENTIP

Some proxy servers will add this request header. I searched online and found a saying:

Abbreviated as XFF header, it represents the client, that is, the real IP of the HTTP request end. This item is added only when passing through an HTTP proxy (such as APACHE proxy) or a load balancing server. It is not a standard request header information defined in the RFC. A detailed introduction to this item can be found in the squid cache proxy server development documentation. If there is this information, it means that you are using a proxy server, and the address is the value behind it. It can be forged. The standard format is as follows: X-Forwarded-For: client1, proxy1, proxy2