Solved

How can my server base JSP program get a remote client's IP address ?

Posted on 2003-11-07
15
1,033 Views
Last Modified: 2008-02-01
I have a client JSP that invokes a server base JSP to do something. It works flawlessly, but now I would like to build into the server side JSP a feature that will restrict the usage of this neat little system to only a few IP numbers we trust. Unfortunately it is not as easy as I thought it would be.
I am trying to use getremoteaddr(), however it always returns 127.0.0.1 as the remote user's IP address, which is obviously incorrect.
Can anyone tell me how I can get the real IP of a remote user?

The server side JSP is on a Red Hat Linux 7.1 system, with Java 1.4, and Tomcat.
0
Comment
Question by:ablazso
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
  • 2
  • +1
15 Comments
 
LVL 9

Expert Comment

by:vzilka
ID: 9720301
What is your architecture? Are you using apache before your web container? which web container are you using?
0
 
LVL 4

Expert Comment

by:boxy73
ID: 9722231
Is your web server in the same machine as client? If so, are you accessing pages using localhost in the address? If so, access via IP or machine name.
0
 

Author Comment

by:ablazso
ID: 9723419
I tested from a completely different IP address(my home computer), but I still get 127.0.0.1 as the remotehostIP!
0
Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

 

Author Comment

by:ablazso
ID: 9723438
Sorry, I wrote remotehostIP, I should have wrote remote client's IP!
0
 
LVL 9

Expert Comment

by:vzilka
ID: 9723445
Are you accessing the JSP directly or through a cache mechanism - like webcache or Apache?
If you access the JSP directly, then there is a bug in your servlet container, and we need to know the product you are using (to see if it is a known bug or if there is a workaround).
If you are using apache, then locking out IP addresses is handled by Apache very easily, and you don't need to write the code you are writing.

BTW - it is a great idea to use apache before your web container, usually increase performance and security...
0
 

Author Comment

by:ablazso
ID: 9723688
We use Apache on our servers, mostly because we are also using Red Hat's software fire-wall, but we are not using any cahe mechanism or webcashe as far as I know.
The 'locking out IP addresses' won't work in this case becase, as I've mentioned, my server based program needs the remote client's IP to get more info form a MySql database before proceeding.

I will be at the server location around 4:00 PM PST, then I can answer in detail to any setup questions you think would help.

In the mean time I found under Web Development Topics, JSP Area ( by seaching with keyword 'getremoteaddr') one question that I think may be pertinent to my problem. Will you please take a look at it and let me know if it is similar to my proble?
0
 
LVL 9

Expert Comment

by:vzilka
ID: 9726006
Since apache is creating the calls that arrive to your Tomcat instance, you get the localhost parameter.

Are you using mod_jk2? This should work with it.
You could be using mod_rewrite, which is not that good, and creates this issue.
You can get more information on Apache and Tomcat integration in here - http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk/aphowto.html

Also, this is a reported bug on a Tomcat version that has this behavior. Which Tomcat version are you using?
http://www.mail-archive.com/tomcat-dev@jakarta.apache.org/msg16345.html

0
 

Author Comment

by:ablazso
ID: 9726663
Our Tomcat version is 4.1 and Apache version is 2.0.4.0.
But, please tell me mod_jk2 and mod… rewrites are settings on Apache or Tomcat?
So, what I understand from you comments is that basically we should have the correct mod... on TomCat to cope with the fact the Apache is creating the call that arrive to our TomCat instance. Am I getting it?
0
 
LVL 9

Expert Comment

by:vzilka
ID: 9728710
mod_jk2 is an Apache configuration. I will send you more details soon.
0
 

Author Comment

by:ablazso
ID: 9728970
Thank you!
0
 
LVL 9

Expert Comment

by:vzilka
ID: 9729037
Open your httpd.conf file (APACHE\conf) and add the following line at the end of the file: Include /var/tomcat3/conf/jk/mod_jk.conf

(of course map to your correct directory :-) )

The file should contain:

# Load mod_jk module
LoadModule jk_module libexec/mod_jk.so
# Declare the module for <IfModule directive>
AddModule mod_jk.c
# Where to find workers.properties
JkWorkersFile /etc/httpd/conf/workers.properties
# Where to put jk logs
JkLogFile /var/log/httpd/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel info
# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " 
# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"
# Send servlet for context /examples to worker named worker1
JkMount /examples/servlet/* worker1

The 2 important commands are JkWorkersFile which define the tomcat instances you are using, and JkMount is mapping the URLs to the specific tomcat instance (it is called worker in the mod_jk2 terminology).
0
 
LVL 9

Assisted Solution

by:vzilka
vzilka earned 250 total points
ID: 9729040
Also, make sure you download the library of mod_jk2 from the link I supplied above. You will also find there all relevant documentation on how to write the file workers.properties files.
0
 
LVL 2

Expert Comment

by:rootkiddy
ID: 9742314
Also keep in mind that you may not even get the client's IP address as the client may be behind a proxy server.  Then if the proxy is passing the clients IP you may have to parse a header (there are a number of different headers).
0
 
LVL 2

Accepted Solution

by:
rootkiddy earned 250 total points
ID: 9742351
I didn't catch the part about you already knowing the IP's that you trust so the previous post probably doesn't matter as you would have the IP of any proxies.
0
 

Author Comment

by:ablazso
ID: 9749786
We upgraded our Linux server and reinstalled Java, Apache and Tomcat with mod_jk2, then re-tested, lo and hehold the damn thing worked!
The remote user IP is now correct every time!

Thanks guys!
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Convert websphere application server default chained Certificates from 1024 to 2048 keysize or higher size and also you can change signatureAlgorithm . Please make sure Websphere Application Server fixpack 7.0.0.23 or Above. The following steps a…
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question