In Java, you can use HttpServletRequest.getRemoteAddr() to get the client’s IP address that’s accessing your Java web application.

import javax.servlet.http.HttpServletRequest;

String ipAddress = request.getRemoteAddr();

1. Proxy Server or Cloudflare

For web application which is behind a proxy server, load balancer or the popular Cloudflare solution, you should get the client IP address via the HTTP request header X-Forwarded-For (XFF).

import javax.servlet.http.HttpServletRequest;

	private static String getClientIp(HttpServletRequest request) {

        String remoteAddr = "";

        if (request != null) {
            remoteAddr = request.getHeader("X-FORWARDED-FOR");
            if (remoteAddr == null || "".equals(remoteAddr)) {
                remoteAddr = request.getRemoteAddr();

        return remoteAddr;

2. Not working still?

Review the client’s HTTP request header, and try to identify where the IP address is stored.

    private Map<String, String> getRequestHeadersInMap(HttpServletRequest request) {

        Map<String, String> result = new HashMap<>();

        Enumeration headerNames = request.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String key = (String) headerNames.nextElement();
            String value = request.getHeader(key);
            result.put(key, value);

        return result;

Sample request headers for web application behind Cloudflare.

    "referer" :"",
    "cf-ipcountry" :"US",
    "cf-ray" :"348c7acba8a02210-EWR",
    "x-forwarded-proto" :"https",
    "accept-language" :"en-US,en;q=0.8",
    "cookie" :"__cfduid=d3c6e5d73aa55b6b42fad9600c94849851490726068; _ga=GA1.2.450731937.1490726069",

    "x-forwarded-for" :"",             // <------ This is client real IP

    "accept" :"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",

    "x-real-ip" :"",             // <------ This is cloudflare IP

    "x-forwarded-server" :"",
    "x-forwarded-host" :"",
     "cf-visitor" :"{\"scheme\":\"https\"}",
    "host" :"",
    "upgrade-insecure-requests" :"1",
    "connection" :"close",
    "cf-connecting-ip" :"",
    "accept-encoding" :"gzip",
    "user-agent" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
Normally, before the web/proxy server forwards the request to the Java app server, it will store the real client IP request in a standard header name like x-forwarded-for, if you can't find the client IP in the entire request headers, try discussing it with your server administrator.


  1. Wiki X-Forwarded-For
  2. ServletRequest JavaDoc
  3. HttpServletRequest JavaDoc
  4. How to get Server IP address in Java