原文:http://blog.csdn.net/yin_jw/article/details/24470131
request.getHeader("X-Forwarded-For")可以获取透明代理背后的真实ip,但是不能获取到匿名代理背后的真实ip
可是,如果通过了多级反向代理的话,X-Forwarded-For的值并不止一个,而是一串IP值,
究竟哪个才是真正的用户端的真实IP呢?答案是取 X-Forwarded-For中第一个非unknown的有效IP字符串。
如: X-Forwarded-For:192.168.1.110, 192.168.1.120, 192.168.1.130, 192.168.1.100 用户真实IP为: 192.168.1.110
下面的方法经过测试,代码是多余的,只有getHeader("X-Forwarded-For")有结果,部分原因参考https://segmentfault.com/q/1010000000686700/revision
String ip = request.getHeader("X-Forwarded-For");
System.out.println("代理:"+ ip);
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("Proxy-Client-IP");
System.out.println("Proxy-Client-IP - String ip=" + ip);
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("WL-Proxy-Client-IP");
System.out.println("WL-Proxy-Client-IP - String ip=" + ip);
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("HTTP_CLIENT_IP");
System.out.println("HTTP_CLIENT_IP - String ip=" + ip);
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("HTTP_X_FORWARDED_FOR");
System.out.println("HTTP_X_FORWARDED_FOR - String ip=" + ip);
}
}