Get real client IP address when using Apache reverse proxy
July 01, 2010 15:38:49 Last update: July 01, 2010 15:39:53
From Apache HTTPD docs:
When acting in a reverse-proxy mode (using the ProxyPass directive, for example), mod_proxy_http adds several request headers in order to pass information to the origin server. These headers are:
X-Forwarded-For
The IP address of the client.
X-Forwarded-Host
The original host requested by the client in the Host HTTP request header.
X-Forwarded-Server
The hostname of the proxy server.
Be careful when using these headers on the origin server, since they will contain more than one (comma-separated) value if the original request already contained one of these headers. For example, you can use %{X-Forwarded-For}i in the log format string of the origin server to log the original clients IP address, but you may get more than one address if the request passes through several proxies.
With servlet code:
The output is like:
When acting in a reverse-proxy mode (using the ProxyPass directive, for example), mod_proxy_http adds several request headers in order to pass information to the origin server. These headers are:
X-Forwarded-For
The IP address of the client.
X-Forwarded-Host
The original host requested by the client in the Host HTTP request header.
X-Forwarded-Server
The hostname of the proxy server.
Be careful when using these headers on the origin server, since they will contain more than one (comma-separated) value if the original request already contained one of these headers. For example, you can use %{X-Forwarded-For}i in the log format string of the origin server to log the original clients IP address, but you may get more than one address if the request passes through several proxies.
With servlet code:
log.info("====== Request Headers ======"); for (java.util.Enumeration e = request.getHeaderNames(); e.hasMoreElements(); ) { String name = (String) e.nextElement(); log.info(name + ": " + request.getHeader(name)); } log.info("====== Request Headers ======");
The output is like:
11:13:05,430 INFO [STDOUT] [Dispatcher] ====== Request Headers ====== 11:13:05,448 INFO [STDOUT] [Dispatcher] host: 127.0.0.1:8080 11:13:05,448 INFO [STDOUT] [Dispatcher] user-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4 ( .NET CLR 3.5.30729) 11:13:05,449 INFO [STDOUT] [Dispatcher] accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 11:13:05,450 INFO [STDOUT] [Dispatcher] accept-language: en-us,en;q=0.5 11:13:05,450 INFO [STDOUT] [Dispatcher] accept-encoding: gzip,deflate 11:13:05,451 INFO [STDOUT] [Dispatcher] accept-charset: ISO-8859-1,utf-8;q=0.7,*;q =0.7 11:13:05,451 INFO [STDOUT] [Dispatcher] cookie: JSESSIONID=C6885B64FBE22AAD6CF6BC7 B1DBEE2BA 11:13:05,451 INFO [STDOUT] [Dispatcher] x-forwarded-for: 63.166.115.40 11:13:05,452 INFO [STDOUT] [Dispatcher] x-forwarded-host: 206.67.236.100 11:13:05,453 INFO [STDOUT] [Dispatcher] x-forwarded-server: 105.1.2.12 11:13:05,453 INFO [STDOUT] [Dispatcher] connection: Keep-Alive 11:13:05,453 INFO [STDOUT] [Dispatcher] ====== Request Headers ======
