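Why is the user's real IP address obtained this way?

Searching online recently for code that gets a user's real IP address from HttpServletRequest, I found that most results look like this: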

public String getIpAddr(HttpServletRequest request) {
    // Header added by HTTP proxies and load balancers
    String ip = request.getHeader("x-forwarded-for");
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
        ip = request.getHeader("Proxy-Client-IP");
    }
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
        // Proprietary header set by the WebLogic plug-in
        ip = request.getHeader("WL-Proxy-Client-IP");
    }
    if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
        // No proxy header present: address of the client or last proxy
        ip = request.getRemoteAddr();
    }
    return ip;
}

I know request.getRemoteAddr(), and I know request.getHeader(String arg0).
But I don't know:
What is x-forwarded-for?
And what is Proxy-Client-IP?
WL-Proxy-Client-IP? What are all of these?!

All I can tell from the code is that they are all HTTP headers!

Then I saw this question on Stack Overflow:
I need to get the IP address of the client in the JSP page. I have tried the following ways:

request.getRemoteAddr();
request.getHeader("X_FORWARDED_FOR");
request.getHeader("HTTP_CLIENT_IP");
request.getHeader("WL-Proxy-Client-IP");
request.getHeader("Proxy-Client-IP");
request.getHeader("REMOTE_ADDR");

The people answering below all said things like:

Either: Do you use reverse proxy like apache proxy? http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
When acting in a reverse-proxy mode (using the ProxyPass directive, for example), mod_proxy_http adds several request headers in order to pass information to the origin server.

Or: You may not get the real client IP if the client is behind a proxy, you will get the IP of the proxy and not the client. However, the proxy may include the requesting client IP in a special HTTP header.
Or again: Is your application server behind a load balancer, a proxy or a web server?

Later the asker added: I'm not using any proxy!
Clearly the answer below solved his problem, so let's paste it here for future reference.

"0:0:0:0:0:0:0:1" is the IPv6 loopback address as defined in RFC 3513.

It appears that your OS and application server are configured to use IPv6 and that you are accessing the page from the local machine.

By the way, calling getRemoteAddress() will not provide you with the IP address of the client. There could be intermediate nodes in the network whose address you might receive. This is especially true of proxies and load-balancers.


Back to the main topic: now we have some answers.

Let's see how Wikipedia explains X-Forwarded-For:
The X-Forwarded-For (XFF) HTTP header field is a de facto standard for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer. This is an HTTP request header which was introduced by the Squid caching proxy server's developers. An effort has been started at IETF for standardizing the Forwarded HTTP header.
The general format of the field is:

X-Forwarded-For: client, proxy1, proxy2


As for WL-Proxy-Client-IP, I saw this exchange on the Oracle forum:
Original poster:

Hi all, below is a brief representation of my setup 
client -> apache webserver + weblogic http plugin -> weblogic instances 
When I do a query of client IP within my application, I am getting the web server's IP address. What configuration and settings do I have to set on my webserver or weblogic in order for me to properly query the client IP ?

Best reply:

Hi, You may set 'Weblogic Plug-In Enable' to true to achieve this. When the WebLogic plugin is enabled, a call to getRemoteAddr will return the address of the browser client from the proprietary WL-Proxy-Client-IP header instead of the web server.
Hope this helps :) 
Regards.


Now I roughly understand what these headers are. The documentation for Interface ServletRequest describes getRemoteAddr() as follows:

Returns the Internet Protocol (IP) address of the client or last proxy that sent the request.

So that gives us the code at the top of this article for getting the user's real IP address from HttpServletRequest.
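
An added example, not from the original post or the quoted answers: the snippet at the top returns whatever X-Forwarded-For contains, including a value the client wrote itself, so this version honors the header only when getRemoteAddr() is a proxy you operate and walks the "client, proxy1, proxy2" list from the right. It takes the two servlet values as plain strings so it runs without a container; the class name, the trusted-proxy addresses and the sample inputs are assumptions.

```java
import java.util.Set;

public class ClientIpResolver {
    // Assumption: addresses of the reverse proxies / load balancers you operate.
    // Compared as plain strings, so list them in the form the container reports.
    private final Set<String> trustedProxies;

    public ClientIpResolver(Set<String> trustedProxies) {
        this.trustedProxies = trustedProxies;
    }

    /**
     * @param remoteAddr request.getRemoteAddr(): the client or last proxy
     * @param xff        request.getHeader("X-Forwarded-For"), may be null
     */
    public String resolve(String remoteAddr, String xff) {
        // Only a proxy we operate is allowed to vouch for another address;
        // a direct client can put anything into the header.
        if (xff == null || !trustedProxies.contains(remoteAddr)) {
            return remoteAddr;
        }
        String candidate = remoteAddr;
        String[] hops = xff.split(",");
        // Format is "client, proxy1, proxy2": each proxy appends the peer it
        // saw, so walk right to left through the part our proxies wrote.
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (hop.isEmpty() || "unknown".equalsIgnoreCase(hop)) {
                break;                 // unusable entry: keep what is verified
            }
            if (!trustedProxies.contains(hop)) {
                return hop;            // first address not under our control
            }
            candidate = hop;           // another of our proxies, keep walking
        }
        return candidate;
    }

    public static void main(String[] args) {
        ClientIpResolver r = new ClientIpResolver(Set.of("10.0.0.1", "10.0.0.2"));
        // Constructed samples using documentation address ranges.
        // 1) Normal chain: client, then two of our proxies.
        System.out.println(r.resolve("10.0.0.1", "203.0.113.7, 10.0.0.2"));
        // 2) Client pre-filled the header; our proxy appended the real peer.
        System.out.println(r.resolve("10.0.0.1", "192.0.2.1, 198.51.100.9"));
        // 3) Direct connection that still sends the header.
        System.out.println(r.resolve("198.51.100.9", "192.0.2.1"));
    }
}
```

In cases 2 and 3 the leftmost header value is the one the client chose, which is why it is never returned on its own authority.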