堆栈内存溢出
  简体   繁体   English

Apache Proxy遮盖了HttpServletRequest对象的远程IP地址

[英]Remote IP Address for HttpServletRequest Object being obscured by Apache Proxy

 原文  2016-11-02 17:51:48       java/ apache/ proxy/ ip

问题描述

I am writing an application in Java that serves a web page with data from an underlying database. 我正在用Java编写一个应用程序,该应用程序使用来自基础数据库的数据为网页提供服务。 I am limiting access to the web page based on some IP restrictions. 我基于某些IP限制来限制对网页的访问。 Basically any IP that falls into the 'Accepted' range will be allowed to access the web page and any IP outside of this range will be redirected to an error page. 基本上,任何属于“已接受”范围的IP都将被允许访问该网页,而超出此范围的任何IP将被重定向到错误页面。 To get the IP address of the user attempting to access the page I am using the following: 要获取尝试访问该页面的用户的IP地址,我使用以下方法: 

String userIPAddress = request.getRemoteAddr();

Where 'request' is my HttpServletRequest Object. 其中“ request”是我的HttpServletRequest对象。

The issue I am running into is that this web page is being proxied through an Apache Web Server. 我遇到的问题是该网页正在通过Apache Web服务器进行代理。

When this happens, it loses the clients IP address and adopts the IP address of our firewall. 发生这种情况时,它将丢失客户端的IP地址,并采用我们防火墙的IP地址。 So when I access request.getRemoteAddr(), it will return the same IP no matter where the customer attempts to access the web page from. 因此,当我访问request.getRemoteAddr()时,无论客户从何处尝试访问网页,它都将返回相同的IP。

When accessing the web page internally via direct IP address my IP check works just fine. 当通过直接IP地址内部访问网页时,我的IP检查工作正常。 The issue presents itself when you access through the proxy. 当您通过代理访问时,就会出现此问题。

Is there anything that I can do programmatically to access the clients actual IP address? 我可以通过编程来访问客户端的实际IP地址吗? Or is this something that has to be done/changed via the Apache web server to allow this information to pass through? 还是必须通过Apache Web服务器完成/更改此信息才能通过此信息? In that case I can post to Server Fault if that would be a better forum. 在那种情况下,如果那是一个更好的论坛,我可以发布到Server Fault。

Your help is greatly appreciated. 非常感谢您的帮助。

Best Regards. 最好的祝福。

3 个解决方案

解决方案1
 2  2016-11-02 18:19:32

When acting in a reverse-proxy mode (using the ProxyPass directive, for example), Apache mod_proxy_http adds several request headers in order to pass information to the origin server, one of them being the X-Forwarded-For which will contain the IP address of the client. 在反向代理模式下运行时(例如,使用ProxyPass指令),Apache mod_proxy_http添加了几个请求标头,以便将信息传递到原始服务器,其中一个是X-Forwarded-For ,其中将包含IP地址客户。

Keep in mind that, if the original request already contained this header (which is not unusual at all), Apache will append the client IP address to existig value(s) so you will get comma+space separated list of IP addresses. 请记住,如果原始请求已经包含此标头(一点也不奇怪),Apache会将客户端IP地址附加到existig值上,这样您将获得用逗号和空格分隔的IP地址列表。 The last (rightmost) IP address is always the IP address that connects to the last proxy (your Apache), which means that is the one you want to test against. 最后(最右边)的IP地址始终是连接到最后一个代理(您的Apache)的IP地址,这就是您要测试的IP地址。

解决方案2
 0  2016-11-02 18:13:28

I don't think it is possible to do this programmatically. 我认为不可能以编程方式执行此操作。 I don't think it is even possible to change something in the Apache web server. 我认为甚至无法更改Apache Web服务器中的某些内容。

Is sounds like your firewall is masquerading incoming IP addresses. 听起来您的防火墙伪装了传入的IP地址。 I think the solution is in the configuration of your firewall. 我认为解决方案在于防火墙的配置。

解决方案3
 0  2016-11-02 18:14:28

You are able to use the AJP protocol instead of HTTP in the Apache proxy. 您可以在Apache代理中使用AJP协议而不是HTTP。

Apparently this retains the client's IP address. 显然,这保留了客户端的IP地址。 Does anyone have any ideas why? 有谁知道为什么吗?

Use: 采用: 

ProxyPass /APPLICATION_NAME ajp://IP_ADDRESS:8009/APPLICATION_NAME

Instead of: 代替: 

<Location "/APPLICATION_NAME">
    ProxyPass  http://IP_ADDRESS:8080/APPLICATION_NAME
    ProxyPassReverse http://IP_ADDRESS:8080/APPLICATION_NAME
</Location>

In the .conf proxy file. 在.conf代理文件中。

This enabled me to grab the IP from the client without it being overwritten during the proxy. 这使我能够从客户端获取IP,而不会在代理期间将其覆盖。 I did not have to change any code either. 我也不必更改任何代码。 After changing to AJP in the Apache proxy file, the following contained the correct IP address: 在Apache代理文件中更改为AJP后,以下内容包含正确的IP地址: 

String userIPAddress = request.getRemoteAddr();

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Apache Proxy-更新IP地址? - Apache proxy - update ip address? RMI:确定远程对象的IP地址 - RMI : determine the IP address of a remote object 如何在 Java HttpServletRequest 中获取客户端 Ip 地址 - How to get client Ip Address in Java HttpServletRequest Java IP地址代理 - Java ip address proxy 如何从 spring 代理 object 获取 HttpServletRequest - How to get HttpServletRequest from spring proxy object Tomcat中的HttpServletRequest.getRemoteAddr()返回IPv6格式的IP地址 - HttpServletRequest.getRemoteAddr() in Tomcat returns IPv6 formatted IP address Spring在没有javax.servlet和HttpServletRequest的情况下获取IP地址 - Spring get ip address without javax.servlet and HttpServletRequest 如何从ServletRequest而不是HTTPServletRequest获取IP地址? - How can I get the IP address from a ServletRequest, not a HTTPServletRequest ? 在代理后面获取远程地址 - Getting remote address behined a proxy 如何使用 Apache httpcomponents 从 NHttpRequestHandler 中告诉远程 IP 地址? - How do I tell the remote IP address from within NHttpRequestHandler using Apache httpcomponents?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM