The problem is that these two functions
1) java.net.InetAddress.getAllByName (String)
and
2) javax.servlet.ServletRequest.getRemoteAddr ()
Very different. The first function is part of the standard Java runtime, and the second is implemented by your Java EE container. You are using Tomcat7 to add the optional zone parameter% 0.
On the bottom line, you should not do string comparisons by IP addresses like you do.
What you really have to do is use org.apache.catalina.filters.RemoteIpFilter . It does what you are trying to do in a certain way.
Example:
<filter> <filter-name>RemoteIpFilter</filter-name> <filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class> <init-param> <param-name>allowedInternalProxies</param-name> <param-value>192\.168\.0\.10|192\.168\.0\.11</param-value> </init-param> <init-param> <param-name>remoteIpHeader</param-name> <param-value>x-forwarded-for</param-value> </init-param> <init-param> <param-name>remoteIpProxiesHeader</param-name> <param-value>x-forwarded-by</param-value> </init-param> <init-param> <param-name>protocolHeader</param-name> <param-value>x-forwarded-proto</param-value> </init-param> </filter>
See http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#Remote_IP_Filter for details.