为政府做报名项目,为了安全起见,对于获取不到真实IP地址的请求,我们做了拦截,
现发现华为的部分型号手机发起的请求无法获取到IP,
求教,这个要怎么破呢?
public static String Get_ip_address(HttpServletRequest request) {
String ip = request.getHeader("X-Forwarded-For");
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("WL-Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("HTTP_CLIENT_IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("HTTP_X_FORWARDED_FOR");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getRemoteAddr();
}
return ip;
}
if (ip.length() > 15) {
String[] ips = ip.split(",");
for (int index = 0; index < ips.length; index++) {
String strIp = (String) ips[index];
if (!("unknown".equalsIgnoreCase(strIp))) {
return strIp;
}
}
}
return null;
}
首先调试输出下X-Forwarded-For Proxy-Client-IP WL-Proxy-Client-IP这些,或者整个输出下header的值,看看HW的浏览器有什么不同
警惕,你应该同时记录代理ip和物理ip(ip = request.getRemoteAddr(); 看上去这个是物理ip),因为前者很容易伪造。