注意:偽造Http請求IP地址一般為非推薦使用手段
一般使用:簡單投票網站重復投票,黑別人網站
在項目開發中(web項目),我負責的系統(簡稱PC),需要調其它系統接口,並且該系統需要獲取客戶端(瀏覽器訪問端)的IP地址,給我愁死了,
正常流程:瀏覽器---訪問PC系統----PC系統需要調第三方系統,此時默認情況下,PC發起的request請求IP地址是PC所在服務器的IP地址,而不是請求瀏覽器端的IP地址
所以,就想着是否能把request里的IP地址給修改了,因為在PC系統里是能獲取到請求IP地址的,結果是修改不了
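最後了解到:可以在HTTP請求頭裡追加一個頭信息(名稱:x-forwarded-for)。接收方在取客戶端地址時,通常會優先讀取該請求頭,其次才是連接本身的原始IP地址,所以當第三方系統獲取地址時,就獲取到了真實的瀏覽器訪問地址IP了。需要注意:這個請求頭可以由任何調用方自行填寫,接收方只應信任來自已知代理或內部系統的x-forwarded-for,不應把它當作鑑權或防止重複投票的唯一依據。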
本代碼以java為例:
X-Forwarded-For:簡稱XFF頭,它代表客戶端,也就是HTTP的請求端真實的IP,只有在通過了HTTP 代理或者負載均衡服務器時才會添加該項。
httpPost.addHeader("x-forwarded-for",ip);
詳細代碼如下:
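package com.sh.portal.framework.client.http;

import java.io.IOException;

import org.apache.commons.lang.StringUtils;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.message.BasicHeader;
import org.apache.http.protocol.HTTP;
import org.apache.http.util.EntityUtils;
import org.springframework.stereotype.Component;

import com.sh.portal.framework.client.RemoteServerArgs;
import com.sh.portal.framework.client.RemoteServerClient;
import com.sh.portal.framework.client.RemoteServerResponse;
import com.sh.portal.util.CommonUtils;

/**
 * {@link RemoteServerClient} that POSTs a JSON body to a remote system and
 * passes the current browser address along in an {@code x-forwarded-for} header.
 *
 * <p>The forwarded address is whatever {@code CommonUtils.getRequestIpAddress()}
 * returns; how that helper derives it is not visible here. NOTE(review): if it
 * reads the inbound request's own forwarding headers, the value is
 * caller-controlled, so the receiving system should treat it as a hint and
 * accept it only from this system's known addresses.
 */
@Component
public class RemoteServerClientImpl implements RemoteServerClient {

    private static final String DEFAULT_ENCODE = "UTF-8";
    private static final String APPLICATION_JSON = "application/json";

    /**
     * Sends {@code args.getRequestJson()} as a JSON POST to {@code args.getUrl()}.
     *
     * @param args carries the target URL and the JSON request body
     * @return the HTTP status code and the response body decoded as UTF-8, or an
     *         empty body when the response has no entity
     * @throws IOException if the request fails or the response cannot be read
     */
    @Override
    public RemoteServerResponse post(RemoteServerArgs args) throws IOException {
        String ip = CommonUtils.getRequestIpAddress();

        // Request body. The original passed a Content-Type header to
        // setContentEncoding(), which labels the JSON media type as a content
        // encoding; the media type belongs in the entity's content type.
        StringEntity entity = new StringEntity(args.getRequestJson(), DEFAULT_ENCODE);
        entity.setContentType(APPLICATION_JSON);

        HttpPost httpPost = new HttpPost(args.getUrl());
        httpPost.addHeader(HTTP.CONTENT_TYPE, APPLICATION_JSON);
        // Marks this caller as the PC terminal type.
        httpPost.addHeader("typeFlg", "9");
        // Forward the browser's address only when it is usable as a header value.
        if (isForwardableAddress(ip)) {
            httpPost.addHeader("x-forwarded-for", ip);
        }
        httpPost.setEntity(entity);
        // RequestConfig.DEFAULT sets no explicit timeouts; a slow remote system
        // can hold this call until the library/system defaults expire.
        httpPost.setConfig(RequestConfig.DEFAULT);

        // The client is created last and closed in finally so that it is
        // released even when execute() or the body read throws.
        CloseableHttpClient closeableHttpClient = HttpClientBuilder.create().build();
        try {
            HttpResponse httpResponse = closeableHttpClient.execute(httpPost);
            int statusCode = httpResponse.getStatusLine().getStatusCode();
            HttpEntity httpEntity = httpResponse.getEntity();
            String body = httpEntity != null
                    ? EntityUtils.toString(httpEntity, DEFAULT_ENCODE)
                    : StringUtils.EMPTY;
            return new RemoteServerResponse(statusCode, body);
        } finally {
            closeableHttpClient.close();
        }
    }

    /**
     * Tells whether {@code ip} may be copied into the outgoing header: it must be
     * non-null, non-empty and free of CR/LF so it cannot split the header line.
     */
    private static boolean isForwardableAddress(String ip) {
        return StringUtils.isNotEmpty(ip)
                && ip.indexOf('\r') < 0
                && ip.indexOf('\n') < 0;
    }
}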