Solved

How can my server base JSP program get a remote client's IP address ?

Posted on 2003-11-07
15
1,018 Views
Last Modified: 2008-02-01
I have a client JSP that invokes a server base JSP to do something. It works flawlessly, but now I would like to build into the server side JSP a feature that will restrict the usage of this neat little system to only a few IP numbers we trust. Unfortunately it is not as easy as I thought it would be.
I am trying to use getremoteaddr(), however it always returns 127.0.0.1 as the remote user's IP address, which is obviously incorrect.
Can anyone tell me how I can get the real IP of a remote user?

The server side JSP is on a Red Hat Linux 7.1 system, with Java 1.4, and Tomcat.
0
Comment
Question by:ablazso
  • 6
  • 6
  • 2
  • +1
15 Comments
 
LVL 9

Expert Comment

by:vzilka
ID: 9720301
What is your architecture? Are you using apache before your web container? which web container are you using?
0
 
LVL 4

Expert Comment

by:boxy73
ID: 9722231
Is your web server in the same machine as client? If so, are you accessing pages using localhost in the address? If so, access via IP or machine name.
0
 

Author Comment

by:ablazso
ID: 9723419
I tested from a completely different IP address(my home computer), but I still get 127.0.0.1 as the remotehostIP!
0
 

Author Comment

by:ablazso
ID: 9723438
Sorry, I wrote remotehostIP, I should have wrote remote client's IP!
0
 
LVL 9

Expert Comment

by:vzilka
ID: 9723445
Are you accessing the JSP directly or through a cache mechanism - like webcache or Apache?
If you access the JSP directly, then there is a bug in your servlet container, and we need to know the product you are using (to see if it is a known bug or if there is a workaround).
If you are using apache, then locking out IP addresses is handled by Apache very easily, and you don't need to write the code you are writing.

BTW - it is a great idea to use apache before your web container, usually increase performance and security...
0
 

Author Comment

by:ablazso
ID: 9723688
We use Apache on our servers, mostly because we are also using Red Hat's software fire-wall, but we are not using any cahe mechanism or webcashe as far as I know.
The 'locking out IP addresses' won't work in this case becase, as I've mentioned, my server based program needs the remote client's IP to get more info form a MySql database before proceeding.

I will be at the server location around 4:00 PM PST, then I can answer in detail to any setup questions you think would help.

In the mean time I found under Web Development Topics, JSP Area ( by seaching with keyword 'getremoteaddr') one question that I think may be pertinent to my problem. Will you please take a look at it and let me know if it is similar to my proble?
0
 
LVL 9

Expert Comment

by:vzilka
ID: 9726006
Since apache is creating the calls that arrive to your Tomcat instance, you get the localhost parameter.

Are you using mod_jk2? This should work with it.
You could be using mod_rewrite, which is not that good, and creates this issue.
You can get more information on Apache and Tomcat integration in here - http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk/aphowto.html

Also, this is a reported bug on a Tomcat version that has this behavior. Which Tomcat version are you using?
http://www.mail-archive.com/tomcat-dev@jakarta.apache.org/msg16345.html

0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:ablazso
ID: 9726663
Our Tomcat version is 4.1 and Apache version is 2.0.4.0.
But, please tell me mod_jk2 and mod… rewrites are settings on Apache or Tomcat?
So, what I understand from you comments is that basically we should have the correct mod... on TomCat to cope with the fact the Apache is creating the call that arrive to our TomCat instance. Am I getting it?
0
 
LVL 9

Expert Comment

by:vzilka
ID: 9728710
mod_jk2 is an Apache configuration. I will send you more details soon.
0
 

Author Comment

by:ablazso
ID: 9728970
Thank you!
0
 
LVL 9

Expert Comment

by:vzilka
ID: 9729037
Open your httpd.conf file (APACHE\conf) and add the following line at the end of the file: Include /var/tomcat3/conf/jk/mod_jk.conf

(of course map to your correct directory :-) )

The file should contain:

# Load mod_jk module
LoadModule jk_module libexec/mod_jk.so
# Declare the module for <IfModule directive>
AddModule mod_jk.c
# Where to find workers.properties
JkWorkersFile /etc/httpd/conf/workers.properties
# Where to put jk logs
JkLogFile /var/log/httpd/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel info
# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"
# Send servlet for context /examples to worker named worker1
JkMount /examples/servlet/* worker1

The 2 important commands are JkWorkersFile which define the tomcat instances you are using, and JkMount is mapping the URLs to the specific tomcat instance (it is called worker in the mod_jk2 terminology).
0
 
LVL 9

Assisted Solution

by:vzilka
vzilka earned 250 total points
ID: 9729040
Also, make sure you download the library of mod_jk2 from the link I supplied above. You will also find there all relevant documentation on how to write the file workers.properties files.
0
 
LVL 2

Expert Comment

by:rootkiddy
ID: 9742314
Also keep in mind that you may not even get the client's IP address as the client may be behind a proxy server.  Then if the proxy is passing the clients IP you may have to parse a header (there are a number of different headers).
0
 
LVL 2

Accepted Solution

by:
rootkiddy earned 250 total points
ID: 9742351
I didn't catch the part about you already knowing the IP's that you trust so the previous post probably doesn't matter as you would have the IP of any proxies.
0
 

Author Comment

by:ablazso
ID: 9749786
We upgraded our Linux server and reinstalled Java, Apache and Tomcat with mod_jk2, then re-tested, lo and hehold the damn thing worked!
The remote user IP is now correct every time!

Thanks guys!
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Convert websphere application server default chained Certificates from 1024 to 2048 keysize or higher size and also you can change signatureAlgorithm . Please make sure Websphere Application Server fixpack 7.0.0.23 or Above. The following steps a…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now