透过防火墙获取真实IP地址

透过防火墙获取真实IP地址

使用 Nginx等反向代理软件， 则不能通过 request.getRemoteAddr()获取 IP地址

如果使用了多级反向代理的话，X-Forwarded-For的值并不止一个，而是一串IP地址

X-Forwarded-For中第一个非 unknown的有效IP字符串，则为真实IP地址

public static String getIP(HttpServletRequest request){
    // 获取请求主机IP地址,如果通过代理进来，则透过防火墙获取真实IP地址
    String ip = null;
    try {
        ip = request.getHeader("x-forwarded-for");
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("Proxy-Client-IP");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("WL-Proxy-Client-IP");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("HTTP_CLIENT_IP");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("HTTP_X_FORWARDED_FOR");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getRemoteAddr();
            if (ip.equals("127.0.0.1")) {
                // 根据网卡取本机配置的IP
                InetAddress inet = null;
                try {
                    inet = InetAddress.getLocalHost();
                } catch (UnknownHostException e) {
                    log.error("抛出异常 # ", e);
                }
                ip = inet.getHostAddress();
            }
        }

        // 对于通过多个代理的情况，第一个IP为客户端真实IP,多个IP按照','分割
        if (ip != null && ip.length() > 15) {
            if (ip.indexOf(",") > 0) {
                ip = ip.substring(0, ip.indexOf(","));
            }
        }
    }catch (Exception ex) {
        log.error("NetworkUtil # getIpAddress # 抛出异常 # ", ex);
    }
    return ip;
}