<>springboot How to get reality in ip address

The requirement is that when the user logs in , Wrong password 5 More than times, this ip Disable , So as the title , I need to log in to the interface
Get the original request in the code ip address . Disable ip The logic has been written , The current pain point is acquisition ip address , It was this code that got me caught by the leader .

Since the projects are generally left nginx And gateway proxy , That must be Baidu , So Baidu's code is as follows :
/** * obtain ip address * * @param request * @return */ public String
getIpAddr(HttpServletRequest request) { String ip =
request.getHeader("X-Real-IP"); if (ip != null && !"".equals(ip) &&
!"unknown".equalsIgnoreCase(ip)) { return ip; } ip =
request.getHeader("X-Forwarded-For"); if (ip != null && !"".equals(ip) &&
!"unknown".equalsIgnoreCase(ip)) { int index = ip.indexOf(','); if (index !=
-1) { return ip.substring(0, index); } else { return ip; } } else { return
request.getRemoteAddr(); } }
Then I simulate 2 Tested by users ( The test result is an alias ):

* Company computer local startup service , Registered to the company development environment nacos upper , Call this login interface through the gateway
* Connect the company with another computer vpn, The remaining steps are as above .
* request.getHeader("X-Real-IP") Acquired ip Address always fixed yes :115.1.2.3
* request.getHeader("X-Forwarded-For") The obtained result is fixed as : 115.1.2.3,10.x.x.x
* The result is a string , First value and X-Real-IP Same value .
* The second value is always changing dynamically
* request.getRemoteAddr() The obtained result is fixed as : 192.168.1.10
So I wonder , First, let's take a look at the code of the company log filter, which also uses the above method , Exactly the same . So the explanation is the same .

*
Is this correct ?

After looking at the method logic, you can get the request body first realIp, Get it if you can't get it forward What ip.

Then why can I always get realIp And always fixed 1 Values , I've simulated it 2 Users logged in .

That doesn't make a difference ip Is the effect of .

So I wonder if it's this 115.1.2.3 Gateway or which server ip.

*

Why? X-Forwarded-For The first value of and realIp Same and the second value keeps changing . And what does the second value represent ip, Why is it changing all the time . Now I wonder if it's me 2 Dynamic changes of wireless network of computers ip, So I have to take the second value .

With these doubts , It's really delicious. I'll continue Baidu + Operation and maintenance of consulting company + Finally ask the leader .

The following conclusions are obtained :

*
First clear request.getRemoteAddr() You can't take this one . At first glance, it is the Intranet ip, Otherwise, it will be locked .

stay jax Warning of " Remove this code , Leave blank to not disable , Otherwise, the intranet is locked ip, And it is likely to be a user micro service cluster 2 Tabled ip, Then you can't log in " lower , I deleted this code .

And after consulting the operation and maintenance department, it was found that this fixed 192.168.1.10 It is the development environment K8S address ! That really can't be returned !

*
realIp changeless 115.1.2.3 After asking brother O & M, I knew it was true ip address ! Not an intranet address ! And is the gateway address of the company .

Then I see , Our company vpn And our computers are actually connected companies wifi, So the final request is sent through the company gateway , This gateway is not web Project gateway !

So the final addresses are the same . That's how it meets the demand ,1 Personal company 1 individual wifi, Unable to input wrong password continuously 5 Times otherwise ip Disable , Connect in other ways wifi Same thing .

*
“X-Forwarded-For” The first value is associated with realIo The same should be me only 1 Agents . There are only Nginx Agent .

therefore “X-Forwarded-For” The second value starts with the address of the proxy server .

Consulted jax And the O & M found that k8s Addresses of some containers of .

Just why this address keeps changing jax Strange, too . I tested it. It changes every time .

So the original method was right , Just get forward First value of !

“X-Forwarded-For” Literally means “ For whom ”, Formally and “Via” almost , Each time a proxy node passes by, a message will be added to the field . but “Via” The proxy host name is appended ( Or domain name ), and “X-Forwarded-For” What is added is that of the requestor
IP address . therefore , In the leftmost field IP The address is the address of the client .

“X-Real-IP” Is another way to get client authenticity IP Means of , Its function is simple , Is to record the client IP
address , No intermediate agent information , Equivalent to “X-Forwarded-For” Simplified version of . If there is only one proxy between the client and the source server , Then the values of these two fields are the same .

So the code after the final transformation is :
/** * Get real ip address , Do not return intranet address * * @param request * @return */ public String
getIpAddr(HttpServletRequest request) { // Now it's a gateway ip String ip =
request.getHeader("X-Real-IP"); if (ip != null && !"".equals(ip) &&
!"unknown".equalsIgnoreCase(ip)) { return ip; } ip =
request.getHeader("X-Forwarded-For"); if (ip != null && !"".equals(ip) &&
!"unknown".equalsIgnoreCase(ip)) { int index = ip.indexOf(','); if (index !=
-1) { // Get only the first value return ip.substring(0, index); } else { return ip; } } else {
// Can't get the truth ip Return null , Unable to return intranet address . return ""; } }
<> summary

<> Real time recording

*
2022 year 5 month 7 day 19:23:54
I have to blog a lot , Since there is a clear title , Then write it !

Technology
©2019-2020 Toolsou All rights reserved,
【C++ Must see for entry 】C++ from 0 reach 1 Introductory programming axios Interceptor packaging and use Spring Boot Interview must ask : Automatic configuration principle VMware 16 install centos 7 Detailed tutorial C Language data structure - Sequence table delete duplicates V2.0.0 The 12th Blue Bridge Cup c++b Group personal problem solving On sending data from serial port single chip microcomputer to upper computer centos7 install RabbitMqjava Polymorphic array of opencv-python Fourier transform and inverse transform