request.getRemoteAddr() 127.0.0.1 ?

Kris Reid
Ranch Hand

Joined: Jan 05, 2005
Posts: 247
This should be simple but.....

Try to get a hold of the user's IP address.
But request.getRemoteAddr() is returning 127.0.0.1.


And it's not a local connect. It's from my game www.mobwarrior.com

Any ideas?


Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41592
    
That usually means that there is a server in front of it (probably Apache); from Tomcat's perspective that's where the request is coming from. In those cases the original IP address is often passed along in a request header, called "x-forwarded-for" or something like that.


Kris Reid
Ranch Hand

Joined: Jan 05, 2005
Posts: 247
Tomcat is the webserver as well. There is no apache running on the domain.

Here's something trickier:
I just made a JSP page to do some testing and request.getRemoteAddr() returned a remote IP.

How could this be?

I might add that in the application where I'm trying to get the IP, it is a Struts2 action call.
I implemented ServletRequestAware to get the request object.

The other thing I'm thinking is that I use filters, but surely they maintain the remote IP??

Kris Reid
Ranch Hand

Joined: Jan 05, 2005
Posts: 247
OK I'm a gumby

You were right it is the "X-Forwarded-For"
request.getHeader("X-Forwarded-For")

Cheers
Cyrille Le Clerc
Greenhorn

Joined: Jul 19, 2009
Posts: 6
Hello,

Getting the IP address of the client can be tricky because each traversed proxy and load balancer adds an IP address to the multi-valued, comma-delimited value of the X-Forwarded-For header (see Wikipedia X-Forwarded-For page). Moreover, a web client can tweak the X-Forwarded-For with tools like Firefox Modify Headers or X-Forwarded-For Spoofer add-ons.

The forthcoming version of Apache Httpd will offer a secure mechanism to handle X-Forwarded-For with mod_remoteip.

Here are a Tomcat valve RemoteIpValve and a servlet filter XForwardedFilter to respectively integrate the X-Forwarded-For and X-Forwarded-Proto (http or https) headers at the Tomcat and WAR levels.

Thanks to these valve and filter, the actual client ip and the incoming protocol (http/https) will be available in Tomcat logs (if you use the valve) and in the servlet API (request.getRemoteAddr(), request.getRemoteHost(), request.isSecure(), request.getScheme() and request.getServerPort()).
The Tomcat RemoteIpValve has been proposed to the Tomcat Project as Bug 47330 - proposal : port of mod_remoteip in Tomcat as RemoteIpValve.

Hope this helps,

Cyrille


Cyrille Le Clerc
cleclerc@xebia.fr, http://blog.xebia.fr/
Kris Reid
Ranch Hand

Joined: Jan 05, 2005
Posts: 247
thanks for the info Cyrille.
Cyrille Le Clerc
Greenhorn

Joined: Jul 19, 2009
Posts: 6
Hello,

The RemoteIpValve and the XForwardedFilter have been integrated in the Tomcat Project. The RemoteIpValve will be available in the forthcoming Tomcat 6.0.21 version when the XForwardedFilter has been renamed RemoteIpFilter and will be integrated in Tomcat 7.
The Google Code version of XForwardedFilter will still be interesting for people who want to integrate these features in other servlet containers (Glassfish, JBoss, Weblogic, WebSphere, etc) without importing Tomcat jars.

Cyrille.
Krem Reid
Greenhorn

Joined: Sep 07, 2009
Posts: 28
Thanks for the update Cyrille


Cyrille Le Clerc
Greenhorn

Joined: Jul 19, 2009
Posts: 6
Hello,

The RemoteIpValve is now available in Tomcat 6.0.24. I didn't yet have the time to merge in Tomcat's documentation all the docs we wrote. If you are interested in more details about the handling of X-Forwarded-For, internal proxies, trusted proxies, X-Forwarded-Proto or scenarios to handle SSL with tomcat preceded by Apache Httpd and/or load balancers, please have a look at :
  • Google Code: RemoteIpValve
  • Tomcat : Adresse IP de l’internaute, load balancer, reverse proxy et header Http X-Forwarded-For (French but google translate friendly)
  • Tomcat, SSL, communications sécurisées et X-Forwarded-Proto (French but google translate friendly with many drawings)


Thanks again for your interest in the RemoteIpValve,

Cyrille
    Krem Reid
    Greenhorn

    Joined: Sep 07, 2009
    Posts: 28
    Excellent Cyrille.
    Really appreciate the update

    Andrew Swanson
    Greenhorn

    Joined: Nov 05, 2010
    Posts: 2
    Cyrille -

    Like the RemoteIpValve but have one question.

    I am using the RemoteIpValve to correctly set request.isSecure and request.scheme but I am using the "ProxyPreserveHost" Apache httpd directive so that request.serverHost and request.serverPort are correctly set in Tomcat. Is there any way to prevent RemoteIpValve from populating the request.serverPort when it detects the presence of the $protocolHeader http header?
    Cyrille Le Clerc
    Greenhorn

    Joined: Jul 19, 2009
    Posts: 6
    Hello Andrew,

    You are right, RemoteIpValve (and RemoteIpFilter) currently override the serverPort when you specify a protocol header (e.g. x-forwarded-proto). Would you like to add a boolean configuration option override-http-server-port-with-protocol-information to disable this behavior for your use case ?

    Thanks for your interest in RemoteIpValve,

    Cyrille

    Andrew Swanson wrote:
    I am using the RemoteIpValve to correctly set request.isSecure and request.scheme but I am using the "ProxyPreserveHost" Apache httpd directive so that request.serverHost and request.serverPort are correctly set in Tomcat. Is there any way to prevent RemoteIpValve from populating the request.serverPort when it detects the presence of the $protocolHeader http header?
    Andrew Swanson
    Greenhorn

    Joined: Nov 05, 2010
    Posts: 2
    Yes, something like that would be most helpful.

    Cyrille Le Clerc wrote:Hello Andrew,

    You are right, RemoteIpValve (and RemoteIpFilter) currently override the serverPort when you specify a protocol header (e.g. x-forwarded-proto). Would you like to add a boolean configuration option override-http-server-port-with-protocol-information to disable this behavior for your use case ?

    Thanks for your interest in RemoteIpValve,

    Cyrille

    Andrew Swanson wrote:
    I am using the RemoteIpValve to correctly set request.isSecure and request.scheme but I am using the "ProxyPreserveHost" Apache httpd directive so that request.serverHost and request.serverPort are correctly set in Tomcat. Is there any way to prevent RemoteIpValve from populating the request.serverPort when it detects the presence of the $protocolHeader http header?
    Youdhveer Panwar
    Greenhorn

    Joined: Sep 06, 2007
    Posts: 4


    String ipAddress=request.getHeader("X-Forwarded-For");


    request.getRemoteAddr(), it may return 127.0.0.1 if apache redirection has been configured at your deployment server.

    So use whatever you like. You can see also here Client ip-address using java


    YSPanwar
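
Added example, not part of the original thread and not Tomcat's own code: a sketch of how the comma-delimited, client-tweakable X-Forwarded-For value described earlier in the thread can be read safely, in contrast to taking request.getHeader("X-Forwarded-For") at face value as in the post above. The class name, method name and the TRUSTED_PROXIES addresses are assumptions made for illustration.

```java
import java.util.Set;

public class ClientIpResolver {
    // Assumption: addresses of our own reverse proxies / load balancers (constructed values).
    static final Set<String> TRUSTED_PROXIES = Set.of("127.0.0.1", "10.0.0.5");

    /**
     * @param peerAddr value of request.getRemoteAddr(), i.e. the TCP peer
     * @param xff      X-Forwarded-For value, or null; if the request carries the
     *                 header several times, join all values with "," first
     */
    static String resolveClientIp(String peerAddr, String xff) {
        // Only a trusted proxy's header is believed; on a direct connection
        // the header was written by the client and is ignored.
        if (xff == null || !TRUSTED_PROXIES.contains(peerAddr)) {
            return peerAddr;
        }
        // Each proxy appends the address it received the request from, so the
        // rightmost entries come from our proxies and the leftmost from whoever
        // started the chain. Walk right to left and stop at the first hop that
        // is not one of our proxies.
        String[] hops = xff.split(",");
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!hop.isEmpty() && !TRUSTED_PROXIES.contains(hop)) {
                return hop;
            }
        }
        return peerAddr; // every listed hop was one of our proxies
    }

    public static void main(String[] args) {
        // Constructed samples using documentation address ranges.
        String[][] cases = {
            {"127.0.0.1", "203.0.113.7"},             // one proxy in front of Tomcat
            {"127.0.0.1", "192.0.2.1, 203.0.113.7"},  // client pre-filled the header
            {"127.0.0.1", "203.0.113.7, 10.0.0.5"},   // load balancer, then local proxy
            {"198.51.100.9", "10.0.0.5"},             // direct connection with forged header
        };
        for (String[] c : cases) {
            System.out.println(c[0] + " | " + c[1] + " -> " + resolveClientIp(c[0], c[1]));
        }
    }
}
```

The RemoteIpValve discussed in this thread makes this kind of trust decision inside Tomcat, so that request.getRemoteAddr() already returns the resolved address to the application.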
     