The forwarded_for option is on by default. If forwarded_for is set to off, the header becomes:
X-Forwarded-For: unknown
This gives us method two for obtaining the client's real IP address:
Java code
import javax.servlet.http.HttpServletRequest;

// Returns the client IP, preferring proxy-supplied headers over the socket address.
public String getIpAddr(HttpServletRequest request) {
    // Header lookup is case-insensitive, so this matches X-Forwarded-For.
    String ip = request.getHeader("x-forwarded-for");
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
        ip = request.getHeader("Proxy-Client-IP");
    }
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
        ip = request.getHeader("WL-Proxy-Client-IP");
    }
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
        // No usable header: fall back to the address of the directly connected peer.
        ip = request.getRemoteAddr();
    }
    return ip;
}
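However, if the request has passed through several levels of reverse proxies, X-Forwarded-For contains not one value but a string of IP values. Which of them is the user's real IP?
The answer is to take the first valid IP string in X-Forwarded-For that is not unknown.
For example: X-Forwarded-For: 192.168.1.110, 192.168.1.120, 192.168.1.130, 192.168.1.100
The user's real IP is: 192.168.1.110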
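The rule above (first entry that is not unknown and is a valid IP), as an added example that is not code from the original page. The class name, the IPv4-only validation and the trusted-proxy set are assumptions made here; the header is only consulted when the directly connected peer is one of your own proxies, because any client can send its own X-Forwarded-For value.

```java
import java.util.Set;
import java.util.regex.Pattern;

public class ForwardedForExample {
    // Strict dotted-quad IPv4 match (assumption: IPv6 is out of scope here).
    private static final Pattern IPV4 = Pattern.compile(
        "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}$");

    /** Returns the first entry that is not "unknown" and is a valid IPv4 string, or null. */
    static String firstValidIp(String headerValue) {
        if (headerValue == null) {
            return null;
        }
        for (String part : headerValue.split(",")) {
            String candidate = part.trim();
            if (candidate.isEmpty() || "unknown".equalsIgnoreCase(candidate)) {
                continue; // placeholder written by a proxy with forwarded_for off
            }
            if (IPV4.matcher(candidate).matches()) {
                return candidate; // anything else (markup, out-of-range octets) is skipped
            }
        }
        return null;
    }

    /** Uses the header only when the TCP peer is a known proxy (hypothetical trusted set). */
    static String clientIp(String remoteAddr, String headerValue, Set<String> trustedProxies) {
        if (trustedProxies.contains(remoteAddr)) {
            String ip = firstValidIp(headerValue);
            if (ip != null) {
                return ip;
            }
        }
        return remoteAddr; // untrusted peer or unusable header: keep the socket address
    }

    public static void main(String[] args) {
        Set<String> proxies = Set.of("10.0.0.5"); // constructed proxy address
        // Header value taken from the example in the text above.
        String header = "192.168.1.110, 192.168.1.120, 192.168.1.130, 192.168.1.100";
        System.out.println(clientIp("10.0.0.5", header, proxies));
        // Constructed inputs: leading unknown, malformed entries, untrusted peer.
        System.out.println(firstValidIp("unknown, 192.168.1.120"));
        System.out.println(firstValidIp("unknown, <script>, 999.1.1.1"));
        System.out.println(clientIp("203.0.113.9", header, proxies));
    }
}
```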