Get Client IP Address in HttpServletRequest

By | August 4, 2018 | 54 Views

1. Problem.

This note is to improve How to get client Ip Address in Java post to friendly display to clients and related issues. The display could be shown like a figure below:

Client also want to see IP address in details as Google IP Address example:

2. Solution.

In order to get a real IP address from Http Request, it requires both extract of IP from the request and server configuration. Suppose that a web application runs on a web server like Nginx server and services written by Java that tracks where a client’s request comes from.

2.2 Extract IP from HttpServeletRequest.

Simple code could be found from references as below:

public static String getClientIP(HttpServletRequest request) {

        String remoteAddr = "";

        if (request != null) {
            remoteAddr = request.getHeader("X-FORWARDED-FOR");
            if (StringUtils.isEmpty(remoteAddr)) {
                remoteAddr = request.getRemoteAddr();
            }
        }
        return remoteAddr;
    }

2.2 Server configuration.

To find nginx configuration location on Linux OS, typing command whereis nginx for example. Here https://demo-api.domain example of nginx configuration:

server {
    server_name demo-api.domain;
    return 301 https://$server_name$request_uri;
}

server {
        listen 443;
        listen [::]:443 ssl;
        server_name demo-api.domain;

        error_log  /var/log/nginx/demo-api-error.log  warn;

        ssl on;
        ssl_certificate /path/wildcard.demo.crt;
        ssl_certificate_key /path/wildcard.demo.key;

        
        location / {
            proxy_set_header   X-Real-IP $remote_addr;
            proxy_set_header   Host	 $http_host;
            proxy_pass         http://127.0.0.1:port;
        }

}

An issue of this configuration is Forwarded header, so client IP address always is 127.0.0.1. A following configuration to fix the issue:

...
location / {
    proxy_set_header X-Real-Ip $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header REMOTE_ADDR $remote_addr;
    proxy_pass 127.0.0.1:port;
}

2.2 Locating and identifying website visitors by IP address

Finding accurate location of website visitors to assess security threats originating from risky IP is an important feature for administration. A good example is ipstack that supports IPv4 and IPv6 lookup and easy to use. It provides both free and pricing.

Let try with ipstack API to retrieve Google IP address 172.217.22.68

https://api.ipstack.com/172.217.22.68?access_key=YOUR_ACCESS_KEY
{
    "ip": "172.217.22.68",
    "type": "ipv4",
    "continent_code": "NA",
    "continent_name": "North America",
    "country_code": "US",
    "country_name": "United States",
    "region_code": "CA",
    "region_name": "California",
    "city": "Mountain View",
    "zip": "94043",
    "latitude": 37.419200000000004,
    "longitude": -122.0574,
    "location": {
        "geoname_id": 5375480,
        "capital": "Washington D.C.",
        "languages": [
            {
                "code": "en",
                "name": "English",
                "native": "English"
            }
        ],
        "country_flag": "http:\/\/assets.ipstack.com\/flags\/us.svg",
        "country_flag_emoji": "\ud83c\uddfa\ud83c\uddf8",
        "country_flag_emoji_unicode": "U+1F1FA U+1F1F8",
        "calling_code": "1",
        "is_eu": false
    },
    "time_zone": {
        "id": "America\/Los_Angeles",
        "current_time": "2018-08-04T03:51:39-07:00",
        "gmt_offset": -25200,
        "code": "PDT",
        "is_daylight_saving": true
    },
    "currency": {
        "code": "USD",
        "name": "US Dollar",
        "plural": "US dollars",
        "symbol": "$",
        "symbol_native": "$"
    },
    "connection": {
        "asn": 15169,
        "isp": "Google LLC"
    }
}

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.