ablazso
asked on
How can my server base JSP program get a remote client's IP address ?
I have a client JSP that invokes a server base JSP to do something. It works flawlessly, but now I would like to build into the server side JSP a feature that will restrict the usage of this neat little system to only a few IP numbers we trust. Unfortunately it is not as easy as I thought it would be.
I am trying to use getremoteaddr(), however it always returns 127.0.0.1 as the remote user's IP address, which is obviously incorrect.
Can anyone tell me how I can get the real IP of a remote user?
The server side JSP is on a Red Hat Linux 7.1 system, with Java 1.4, and Tomcat.
I am trying to use getremoteaddr(), however it always returns 127.0.0.1 as the remote user's IP address, which is obviously incorrect.
Can anyone tell me how I can get the real IP of a remote user?
The server side JSP is on a Red Hat Linux 7.1 system, with Java 1.4, and Tomcat.
What is your architecture? Are you using apache before your web container? which web container are you using?
Is your web server in the same machine as client? If so, are you accessing pages using localhost in the address? If so, access via IP or machine name.
ASKER
I tested from a completely different IP address(my home computer), but I still get 127.0.0.1 as the remotehostIP!
ASKER
Sorry, I wrote remotehostIP, I should have wrote remote client's IP!
Are you accessing the JSP directly or through a cache mechanism - like webcache or Apache?
If you access the JSP directly, then there is a bug in your servlet container, and we need to know the product you are using (to see if it is a known bug or if there is a workaround).
If you are using apache, then locking out IP addresses is handled by Apache very easily, and you don't need to write the code you are writing.
BTW - it is a great idea to use apache before your web container, usually increase performance and security...
If you access the JSP directly, then there is a bug in your servlet container, and we need to know the product you are using (to see if it is a known bug or if there is a workaround).
If you are using apache, then locking out IP addresses is handled by Apache very easily, and you don't need to write the code you are writing.
BTW - it is a great idea to use apache before your web container, usually increase performance and security...
ASKER
We use Apache on our servers, mostly because we are also using Red Hat's software fire-wall, but we are not using any cahe mechanism or webcashe as far as I know.
The 'locking out IP addresses' won't work in this case becase, as I've mentioned, my server based program needs the remote client's IP to get more info form a MySql database before proceeding.
I will be at the server location around 4:00 PM PST, then I can answer in detail to any setup questions you think would help.
In the mean time I found under Web Development Topics, JSP Area ( by seaching with keyword 'getremoteaddr') one question that I think may be pertinent to my problem. Will you please take a look at it and let me know if it is similar to my proble?
The 'locking out IP addresses' won't work in this case becase, as I've mentioned, my server based program needs the remote client's IP to get more info form a MySql database before proceeding.
I will be at the server location around 4:00 PM PST, then I can answer in detail to any setup questions you think would help.
In the mean time I found under Web Development Topics, JSP Area ( by seaching with keyword 'getremoteaddr') one question that I think may be pertinent to my problem. Will you please take a look at it and let me know if it is similar to my proble?
Since apache is creating the calls that arrive to your Tomcat instance, you get the localhost parameter.
Are you using mod_jk2? This should work with it.
You could be using mod_rewrite, which is not that good, and creates this issue.
You can get more information on Apache and Tomcat integration in here - http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk/aphowto.html
Also, this is a reported bug on a Tomcat version that has this behavior. Which Tomcat version are you using?
http://www.mail-archive.com/tomcat-dev@jakarta.apache.org/msg16345.html
Are you using mod_jk2? This should work with it.
You could be using mod_rewrite, which is not that good, and creates this issue.
You can get more information on Apache and Tomcat integration in here - http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk/aphowto.html
Also, this is a reported bug on a Tomcat version that has this behavior. Which Tomcat version are you using?
http://www.mail-archive.com/tomcat-dev@jakarta.apache.org/msg16345.html
ASKER
Our Tomcat version is 4.1 and Apache version is 2.0.4.0.
But, please tell me mod_jk2 and mod… rewrites are settings on Apache or Tomcat?
So, what I understand from you comments is that basically we should have the correct mod... on TomCat to cope with the fact the Apache is creating the call that arrive to our TomCat instance. Am I getting it?
But, please tell me mod_jk2 and mod… rewrites are settings on Apache or Tomcat?
So, what I understand from you comments is that basically we should have the correct mod... on TomCat to cope with the fact the Apache is creating the call that arrive to our TomCat instance. Am I getting it?
mod_jk2 is an Apache configuration. I will send you more details soon.
ASKER
Thank you!
Open your httpd.conf file (APACHE\conf) and add the following line at the end of the file: Include /var/tomcat3/conf/jk/mod_j
(of course map to your correct directory :-) )
The file should contain:
# Load mod_jk module
LoadModule jk_module libexec/mod_jk.so
# Declare the module for <IfModule directive>
AddModule mod_jk.c
# Where to find workers.properties
JkWorkersFile /etc/httpd/conf/workers.pr
# Where to put jk logs
JkLogFile /var/log/httpd/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel info
# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"
# Send servlet for context /examples to worker named worker1
JkMount /examples/servlet/* worker1
The 2 important commands are JkWorkersFile which define the tomcat instances you are using, and JkMount is mapping the URLs to the specific tomcat instance (it is called worker in the mod_jk2 terminology).
(of course map to your correct directory :-) )
The file should contain:
# Load mod_jk module
LoadModule jk_module libexec/mod_jk.so
# Declare the module for <IfModule directive>
AddModule mod_jk.c
# Where to find workers.properties
JkWorkersFile /etc/httpd/conf/workers.pr
# Where to put jk logs
JkLogFile /var/log/httpd/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel info
# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"
# Send servlet for context /examples to worker named worker1
JkMount /examples/servlet/* worker1
The 2 important commands are JkWorkersFile which define the tomcat instances you are using, and JkMount is mapping the URLs to the specific tomcat instance (it is called worker in the mod_jk2 terminology).
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Also keep in mind that you may not even get the client's IP address as the client may be behind a proxy server. Then if the proxy is passing the clients IP you may have to parse a header (there are a number of different headers).
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
We upgraded our Linux server and reinstalled Java, Apache and Tomcat with mod_jk2, then re-tested, lo and hehold the damn thing worked!
The remote user IP is now correct every time!
Thanks guys!
The remote user IP is now correct every time!
Thanks guys!