zoukankan      html  css  js  c++  java
  • 伪造Http请求IP地址

    在项目开发中(web项目),我负责的系统(简称PC),需要调其它系统接口,并且该系统需要获取客户端(浏览器访问端)的IP地址,给我愁死了,

    正常流程:浏览器---访问PC系统----PC系统需要调第三方系统,此时默认情况下,PC发起的request请求IP地址是PC所在服务器的IP地址,而不是请求浏览器端的IP地址

    所以,就想着是否能把request里的IP地址给修改了,因为在PC系统里是能获取到请求IP地址的,结果是修改不了

    最后了解到:可以在http请求头里,追加一个头信息(名称:x-forwarded-for),它会位于原始IP地址之前,所以当第三方系统获取地址时,就获取到了真实的浏览器访问地址IP了

    代码如下:

    package com.sh.portal.framework.client.http;
    
    import java.io.IOException;
    
    import org.apache.commons.lang.StringUtils;
    import org.apache.http.HttpEntity;
    import org.apache.http.HttpResponse;
    import org.apache.http.client.config.RequestConfig;
    import org.apache.http.client.methods.HttpPost;
    import org.apache.http.entity.StringEntity;
    import org.apache.http.impl.client.CloseableHttpClient;
    import org.apache.http.impl.client.HttpClientBuilder;
    import org.apache.http.message.BasicHeader;
    import org.apache.http.protocol.HTTP;
    import org.apache.http.util.EntityUtils;
    import org.springframework.stereotype.Component;
    
    import com.sh.portal.framework.client.RemoteServerArgs;
    import com.sh.portal.framework.client.RemoteServerClient;
    import com.sh.portal.framework.client.RemoteServerResponse;
    import com.sh.portal.util.CommonUtils;
    
    
    @Component
    public class RemoteServerClientImpl implements RemoteServerClient {
        
        private static final String DEFAULT_ENCODE = "UTF-8";
        
        private static final String APPLICATION_JSON = "application/json";
        
        @Override
        public RemoteServerResponse post(RemoteServerArgs args) throws IOException {
            String ip = CommonUtils.getRequestIpAddress();
            // 创建HttpClientBuilder  
            HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
            
            // HttpClient
            CloseableHttpClient closeableHttpClient = httpClientBuilder.build();
            // 请求参数
            StringEntity entity = new StringEntity(args.getRequestJson(), DEFAULT_ENCODE);
            entity.setContentEncoding(new BasicHeader(HTTP.CONTENT_TYPE, APPLICATION_JSON));
            HttpPost httpPost = new HttpPost(args.getUrl());  
            httpPost.addHeader(HTTP.CONTENT_TYPE, APPLICATION_JSON);
            //此处区别PC终端类型
            httpPost.addHeader("typeFlg", "9");
            //此处增加浏览器端访问IP
            if(!ip.equals("")){
                httpPost.addHeader("x-forwarded-for",ip);
            }
            httpPost.setEntity(entity);
            httpPost.setConfig(RequestConfig.DEFAULT);
            
            HttpResponse httpResponse;  
            // post请求  
            httpResponse = closeableHttpClient.execute(httpPost);
            HttpEntity httpEntity = httpResponse.getEntity();
            RemoteServerResponse response;
            if (httpEntity != null) {
                response = new RemoteServerResponse(httpResponse.getStatusLine().getStatusCode(), 
                    EntityUtils.toString(httpEntity, DEFAULT_ENCODE));
            } else {
                response = new RemoteServerResponse(httpResponse.getStatusLine().getStatusCode(), 
                        StringUtils.EMPTY);
            }
            //释放资源  
            closeableHttpClient.close();  
            return response;
        }
    
    }

    原作者:https://www.cnblogs.com/holdon521/p/4686849.html
  • 相关阅读:
    bzoj1648
    bzoj3404
    bzoj1650
    bzoj1625
    bzoj1606
    bzoj1464
    bzoj1572
    bzoj1617
    bzoj1092
    bzoj1091
  • 原文地址:https://www.cnblogs.com/qi2332356/p/11022577.html
Copyright © 2011-2022 走看看