How can my server base JSP program get a remote client's IP address ?

I have a client JSP that invokes a server base JSP to do something. It works flawlessly, but now I would like to build into the server side JSP a feature that will restrict the usage of this neat little system to only a few IP numbers we trust. Unfortunately it is not as easy as I thought it would be.
I am trying to use getremoteaddr(), however it always returns as the remote user's IP address, which is obviously incorrect.
Can anyone tell me how I can get the real IP of a remote user?

The server side JSP is on a Red Hat Linux 7.1 system, with Java 1.4, and Tomcat.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

What is your architecture? Are you using apache before your web container? which web container are you using?
Is your web server in the same machine as client? If so, are you accessing pages using localhost in the address? If so, access via IP or machine name.
ablazsoAuthor Commented:
I tested from a completely different IP address(my home computer), but I still get as the remotehostIP!
The Five Tenets of the Most Secure Backup

Data loss can hit a business in any number of ways. In reality, companies should expect to lose data at some point. The challenge is having a plan to recover from such an event.

ablazsoAuthor Commented:
Sorry, I wrote remotehostIP, I should have wrote remote client's IP!
Are you accessing the JSP directly or through a cache mechanism - like webcache or Apache?
If you access the JSP directly, then there is a bug in your servlet container, and we need to know the product you are using (to see if it is a known bug or if there is a workaround).
If you are using apache, then locking out IP addresses is handled by Apache very easily, and you don't need to write the code you are writing.

BTW - it is a great idea to use apache before your web container, usually increase performance and security...
ablazsoAuthor Commented:
We use Apache on our servers, mostly because we are also using Red Hat's software fire-wall, but we are not using any cahe mechanism or webcashe as far as I know.
The 'locking out IP addresses' won't work in this case becase, as I've mentioned, my server based program needs the remote client's IP to get more info form a MySql database before proceeding.

I will be at the server location around 4:00 PM PST, then I can answer in detail to any setup questions you think would help.

In the mean time I found under Web Development Topics, JSP Area ( by seaching with keyword 'getremoteaddr') one question that I think may be pertinent to my problem. Will you please take a look at it and let me know if it is similar to my proble?
Since apache is creating the calls that arrive to your Tomcat instance, you get the localhost parameter.

Are you using mod_jk2? This should work with it.
You could be using mod_rewrite, which is not that good, and creates this issue.
You can get more information on Apache and Tomcat integration in here -

Also, this is a reported bug on a Tomcat version that has this behavior. Which Tomcat version are you using?

ablazsoAuthor Commented:
Our Tomcat version is 4.1 and Apache version is
But, please tell me mod_jk2 and mod… rewrites are settings on Apache or Tomcat?
So, what I understand from you comments is that basically we should have the correct mod... on TomCat to cope with the fact the Apache is creating the call that arrive to our TomCat instance. Am I getting it?
mod_jk2 is an Apache configuration. I will send you more details soon.
ablazsoAuthor Commented:
Thank you!
Open your httpd.conf file (APACHE\conf) and add the following line at the end of the file: Include /var/tomcat3/conf/jk/mod_jk.conf

(of course map to your correct directory :-) )

The file should contain:

# Load mod_jk module
LoadModule jk_module libexec/
# Declare the module for <IfModule directive>
AddModule mod_jk.c
# Where to find
JkWorkersFile /etc/httpd/conf/
# Where to put jk logs
JkLogFile /var/log/httpd/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel info
# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " 
# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"
# Send servlet for context /examples to worker named worker1
JkMount /examples/servlet/* worker1

The 2 important commands are JkWorkersFile which define the tomcat instances you are using, and JkMount is mapping the URLs to the specific tomcat instance (it is called worker in the mod_jk2 terminology).
Also, make sure you download the library of mod_jk2 from the link I supplied above. You will also find there all relevant documentation on how to write the file files.
Also keep in mind that you may not even get the client's IP address as the client may be behind a proxy server.  Then if the proxy is passing the clients IP you may have to parse a header (there are a number of different headers).
I didn't catch the part about you already knowing the IP's that you trust so the previous post probably doesn't matter as you would have the IP of any proxies.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ablazsoAuthor Commented:
We upgraded our Linux server and reinstalled Java, Apache and Tomcat with mod_jk2, then re-tested, lo and hehold the damn thing worked!
The remote user IP is now correct every time!

Thanks guys!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Application Servers

From novice to tech pro — start learning today.