I use some capture request for check any attack on my web application or not , today I found this (1′”5000) in my Columns That Store Src IP Send the Request , And Here What it send :
{
"destinationIP": "MY.IP.IS.HERE",
"destinationPort": 80,
"headers": {
"referer": "1'"3000",
"accept-language": "1'"6000",
"client-ip": "1'"4000",
"host": "mydomain.com",
"connection": "Keep-alive",
"x-forwarded-for": "1'"5000",
"accept-encoding": "gzip,deflate,br",
"user-agent": "1'"2000",
"via": "1'"7000",
"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
},
"sourcePort": 60486,
"sourceIP": "103.161.35.121",
"requestURI": "/fonts/danapro/index/1'"1000",
"httpMethod": "GET",
"queryString": "N/A",
"parameters": {}
}
it’s The Code for get SRC IP :
private String getClientIpAddress(HttpServletRequest request) {
for (String header : TextUtils.HEADERS_TO_TRY) {
String ip = request.getHeader(header);
if (ip != null && !ip.isEmpty() && !"unknown".equalsIgnoreCase(ip)) {
return ip;
}
}
return request.getRemoteAddr();
}
And HEADER_TO_TRY :
public static final String[] HEADERS_TO_TRY = {
"X-Forwarded-For",
"Proxy-Client-IP",
"WL-Proxy-Client-IP",
"HTTP_X_FORWARDED_FOR",
"HTTP_X_FORWARDED",
"HTTP_X_CLUSTER_CLIENT_IP",
"HTTP_CLIENT_IP",
"HTTP_FORWARDED_FOR",
"HTTP_FORWARDED",
"HTTP_VIA",
"REMOTE_ADDR"
};
And Question is how can getClientIpAddress return 1′”5000 to me? and what it is?