[英]"X_FORWARDED_FOR" Header Doesn't Present In The Request
In my web application I need to extract the real ip address for clients behind proxy, after searching I found that the possible method to do that is to read the content of "X_FORWARDED_FOR" header, I am using java servlet and the headers of the incoming request doesn't contain "X_FORWARDED_FOR" header, So why the header doesn't included in the request?在我的网络应用程序中,我需要为代理后面的客户端提取真实的 ip 地址,在搜索之后我发现可能的方法是读取“X_FORWARDED_FOR”标头的内容,我正在使用 java servlet 和传入的标头请求不包含“X_FORWARDED_FOR”标头,那么为什么标头不包含在请求中?
I am using java 1.7, tomcat v7, proxy server:TMG and configured to use "X_FORWARDED_FOR" header.我正在使用 java 1.7、tomcat v7、代理服务器:TMG 并配置为使用“X_FORWARDED_FOR”标头。
Please advice.请指教。
Thanks in advance.提前致谢。
Update:更新:
My code to read available headers:我读取可用标头的代码:
String ip = request.getHeader("X-Forwarded-For");
//return null //返回空
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("Proxy-Client-IP"); //return null } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("WL-Proxy-Client-IP"); //return null } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("HTTP_CLIENT_IP"); //return null } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("HTTP_X_FORWARDED_FOR"); //return null } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getRemoteAddr(); //return proxy server IP }
X-Forwarded-For, as well as other headers you test, are custom (it is almost standard , but not quite). X-Forwarded-For 以及您测试的其他标头都是自定义的(它几乎是标准的,但不完全是)。 Proxy doesn't have to set any such header, so you'll have to test which header the proxy server will set, if any.代理不必设置任何此类标头,因此您必须测试代理服务器将设置哪个标头(如果有)。
However, if it would be set, you'd test it with但是,如果它被设置,你会测试它
request.getHeader("X-Forwarded-For");
HTTP_X_FORWARDED_FOR would be PHP naming, don't use that if you're not using PHP... HTTP_X_FORWARDED_FOR 将是 PHP 命名,如果您不使用 PHP,请不要使用它...
I would iterate all incoming headers and see if any header contains the ip.我会迭代所有传入的标头,看看是否有任何标头包含 ip。 If none of them do, you're out of luck.如果他们都不这样做,那你就不走运了。
You can iterate all headers with您可以使用迭代所有标头
enames = request.getHeaderNames();
while (enames.hasMoreElements()) {
String name = (String) enames.nextElement();
String value = request.getHeader(name);
// "name" and "value" variables contain the header + its value
}
Also note that for java apps, it is often that what gets passed to the servlet is an inner request, and you need to ask for outer request first to get an instance of httpservletrequest that has the headers.另请注意,对于 java 应用程序,传递给 servlet 的通常是内部请求,您需要先请求外部请求以获得具有标头的 httpservletrequest 实例。
Note also that even if you actually get an ip from that header, you should still think if that is usable information or not.另请注意,即使您实际上从该标头中获得了 ip,您仍然应该考虑这是否是可用信息。 some more details about it here .关于它的更多细节在这里。
This might work:这可能有效:
public static String X_FORWARDED_FOR_HEADER = "X-Forwarded-For";
public static boolean isNullOrEmpty(String val)
{
if (val == null || val.length() == 0)
{
return true;
}
return false;
}
public static String getRemoteAddress(HttpServletRequest request) {
String remoteAddr = request.getHeader(X_FORWARDED_FOR_HEADER);
if (!isNullOrEmpty(remoteAddr)) {
int pos = remoteAddr.indexOf(',');
if (pos < 0) {
return remoteAddr;
}
return remoteAddr.substring(0,pos); // if more then 1, take first one
}
return request.getRemoteAddr();
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.