I have a Java servlet application running within Tomcat; there is one admin command that I only want to be able to run from the machine itself (or possibly my own PC as well) for security reasons. So to enforce this I check the remote address of the HttpServletRequest that I receive, but it always returns 127.0.0.1 even though the request is not coming from the local host.
Why is this? Can I fix it, or is there an alternative way to run my admin command only from the server?
First check if the request has the ‘X-Forwarded-For’ header. If the header is set, the first IP in it should be the one you’re looking for. If the header is empty, request.getRemoteAddr() should return the correct IP.
Wiki for ‘X-Forwarded-For’: http://en.wikipedia.org/wiki/X-Forwarded-For
Note that you cannot be 100% sure that you get the correct IP like this since forwarding instances are not forced to set the ‘X-Forwarded-For’ header.
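An added example (not code from the question or the answer) of how a servlet can apply this: the header is attacker-supplied input, so it is only consulted when the TCP peer (getRemoteAddr()) is one of the proxies you run, and the chain is walked from the right so that entries a client prepends itself are never used. The proxy and allow-list addresses are hypothetical placeholders, and javax.servlet is assumed.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;

/** Resolves the client IP, trusting X-Forwarded-For only when the TCP peer is a known proxy. */
public final class ClientIpResolver {
    // Hypothetical values: the reverse proxies that sit in front of Tomcat.
    private final Set<String> trustedProxies;
    // Hypothetical values: the only addresses permitted to run the admin command.
    private final Set<String> adminAllowList;

    public ClientIpResolver(Set<String> trustedProxies, Set<String> adminAllowList) {
        this.trustedProxies = trustedProxies;
        this.adminAllowList = adminAllowList;
    }

    /** Core logic kept free of servlet types so it can be unit-tested in isolation. */
    public String resolve(String remoteAddr, String xffHeader) {
        // If the peer is not one of our proxies, the header is untrusted user input: ignore it.
        if (!trustedProxies.contains(remoteAddr) || xffHeader == null || xffHeader.isEmpty()) {
            return remoteAddr;
        }
        // Walk the chain from the right (nearest proxy) and skip every hop we trust;
        // the first untrusted hop is the address our outermost proxy actually saw.
        List<String> hops = Arrays.asList(xffHeader.split(","));
        for (int i = hops.size() - 1; i >= 0; i--) {
            String hop = hops.get(i).trim();
            if (!trustedProxies.contains(hop)) {
                return hop;
            }
        }
        return remoteAddr; // Every hop was a proxy of ours; fall back to the socket address.
    }

    public String resolve(HttpServletRequest request) {
        return resolve(request.getRemoteAddr(), request.getHeader("X-Forwarded-For"));
    }

    /** True only when the resolved client address is on the admin allow list. */
    public boolean isAdminAllowed(HttpServletRequest request) {
        return adminAllowList.contains(resolve(request));
    }
}
```

Tomcat ships the same header handling as a container feature in org.apache.catalina.valves.RemoteIpValve (with an internalProxies setting), after which getRemoteAddr() returns the forwarded address; org.apache.catalina.valves.RemoteAddrValve can then restrict a context by address without any application code.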