How to distinguish between Known IP and unknown IP


Problem description


I need to develop a web application that can identify a known machine and an unknown one by storing a pair (sourceIP, valid username) at the server side for which a previous login was successful. When anyone logs in from an unknown machine, how can it be identified? The web app is hosted on localhost. Is it possible to get the client IP? When retrieving the client IP I get only 127.0.0.1, which is localhost. Anyone having any idea...?

Solution

The short answer is that you can't always get the real client IP address.

If the client has an IP address of its own and connects directly to the server, then HttpServletRequest.getRemoteAddr() should return it. However:

  • If the client's requests reach the server via a proxy or reverse proxy, then getRemoteAddr() will return the first upstream proxy address.

  • If the client addresses the server as localhost then the request will come from localhost.

  • If the client is behind a NAT gateway or an IPv4 <-> IPv6 bridge you are liable to see the IP address of the gateway or bridge.

Then there is the problem that the IP address might be spoofed.

In short, security schemes that rely on knowing the real client IP address are often problematic.


If your problem is due to a reverse proxy (and seeing 127.0.0.1 would imply that), you can have the reverse proxy add a request header to the request to say what remote IP address it saw. Then the server needs to use that header instead of getRemoteAddr(). However, that won't help if the proxy didn't see the real client IP address.
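
One way to apply the reverse-proxy advice in the answer above, together with the (sourceIP, username) check from the question, as an added example that is not part of the original post: the forwarded header is honoured only when the socket peer is a trusted proxy. The page does not name a header, so the header name X-Forwarded-For, the trusted proxy list, the class and method names and the sample addresses are assumptions, as is a proxy that appends the peer address it saw to the end of the header.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class KnownIpCheck {
    // Assumption: the only reverse proxy runs on this host (the 127.0.0.1 case above).
    static final Set<String> TRUSTED_PROXIES = Set.of("127.0.0.1", "::1", "0:0:0:0:0:0:0:1");
    // username -> source IPs recorded after successful logins (in-memory for the example).
    static final Map<String, Set<String>> KNOWN = new HashMap<>();

    // remoteAddr: HttpServletRequest.getRemoteAddr(); forwardedFor: getHeader("X-Forwarded-For").
    static String resolveClientIp(String remoteAddr, String forwardedFor) {
        // A header sent by an untrusted peer is client-controlled, so ignore it.
        if (!TRUSTED_PROXIES.contains(remoteAddr) || forwardedFor == null) {
            return remoteAddr;
        }
        // Proxies append the peer they saw, so scan right to left and stop at the
        // first hop that is not one of our own proxies.
        String[] hops = forwardedFor.split(",");
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!hop.matches("[0-9A-Fa-f:.]{2,45}")) {
                return remoteAddr; // malformed entry: fall back to the socket address
            }
            if (!TRUSTED_PROXIES.contains(hop)) {
                return hop;
            }
        }
        return remoteAddr;
    }

    static void recordLogin(String user, String ip) {
        KNOWN.computeIfAbsent(user, u -> new HashSet<>()).add(ip);
    }

    static boolean isKnown(String user, String ip) {
        return KNOWN.getOrDefault(user, Set.of()).contains(ip);
    }

    public static void main(String[] args) {
        // Constructed sample values (documentation address ranges).
        recordLogin("alice", resolveClientIp("127.0.0.1", "198.51.100.4"));
        // Same client via the proxy; the left-most entry is client-supplied and is skipped.
        System.out.println(isKnown("alice", resolveClientIp("127.0.0.1", "10.0.0.1, 198.51.100.4")));
        // Direct connection from another address that puts alice's IP in the header.
        System.out.println(isKnown("alice", resolveClientIp("203.0.113.7", "198.51.100.4")));
    }
}
```

As the answer notes, the resolved address is still only what the proxy saw, so a NAT gateway or an upstream proxy outside your control can make many clients share one "known" IP.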
