I shared is a method in Java that retrieves the IP address
of a client from an HttpServletRequest object. It checks various headers that
may contain the client’s IP address if the request is coming through a proxy or
load balancer. Here's a breakdown of how the method works:
Breakdown of the Method:
- x-forwarded-for
Header:
java
|
ip =
request.getHeader("x-forwarded-for"); |
ü
The x-forwarded-for header is commonly used by
proxies and load balancers to forward the original IP address of the client
making the request.
ü
If the request is routed through a proxy, the
actual client IP address will be in this header.
ü
If the header is null, empty, or has the value "unknown",
it proceeds to the next step.
- Proxy-Client-IP
Header:
java
|
ip =
request.getHeader("Proxy-Client-IP"); |
ü
This header is typically added by some proxies
to indicate the original client’s IP address.
ü
The method checks this header if the x-forwarded-for
header doesn’t provide a valid value.
- WL-Proxy-Client-IP
Header:
java
|
ip =
request.getHeader("WL-Proxy-Client-IP"); |
ü
The WL-Proxy-Client-IP header is used by
WebLogic servers. This is checked next if the previous headers don’t have a
valid IP.
- Fallback
to request.getRemoteAddr():
java
|
ip =
request.getRemoteAddr(); |
ü
If none of the proxy-related headers contain a
valid IP, the method falls back to request.getRemoteAddr(), which provides the
IP address directly from the request.
ü
This method gives the IP of the client directly
connected to the server, which could be the actual client or a proxy/load
balancer.
Return Value:
The method finally returns the detected IP address, whether
it was found in a header or directly from the request.
Complete Code:
java
|
public String
getIpAddr(HttpServletRequest request) { String ip =
request.getHeader("x-forwarded-for"); if(ip == null || ip.length() == 0 ||
"unknown".equalsIgnoreCase(ip)) { ip =
request.getHeader("Proxy-Client-IP"); } if(ip == null || ip.length() == 0 ||
"unknown".equalsIgnoreCase(ip)) { ip =
request.getHeader("WL-Proxy-Client-IP"); } if(ip == null || ip.length() == 0 ||
"unknown".equalsIgnoreCase(ip)) { ip = request.getRemoteAddr(); } return ip; } |
Usage Considerations:
- Proxies
and Load Balancers: If the application is behind multiple proxies, the
x-forwarded-for header might contain multiple IP addresses
(comma-separated), where the first one is usually the real client IP.
- Security:
Since the headers like x-forwarded-for can be manipulated by the client,
it's important to not rely on them blindly in a high-security context.
Make sure the proxies or load balancers you trust are the ones adding
these headers.
- IPv6
Support: This method works for both IPv4 and IPv6 addresses.
Example Usage:
You can use this method in a servlet or controller to log or
handle requests based on the client's IP.
java
|
protected
void doGet(HttpServletRequest request, HttpServletResponse response) throws
ServletException, IOException { String clientIp = getIpAddr(request); System.out.println("Client IP:
" + clientIp); // Additional logic based on IP address } |
 |
| To get real ip address from client request address |
0 Comments