Client's public IP is visible in source code
How To articles are not official guidelines or officially supported documentation. They are community-contributed content and may not always reflect the latest updates to Liferay DXP. We welcome your feedback to improve How To articles!
While we make every effort to ensure this Knowledge Base is accurate, it may not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with any feedback or concerns.
Legacy Article
You are viewing an article from our legacy "FastTrack"
publication program, made available for informational purposes. Articles
in this program were published without a requirement for independent
editing or verification and are provided"as is" without
guarantee.
Before using any information from this article, independently verify its
suitability for your situation and project.
Issue
- User is able to see their own public IP while checking the source code of a page on the Liferay portal.
Environment
- Liferay DXP 7.3
- Liferay DXP 7.4
Resolution
- The public IP is visible through the getRemoteAddr method which is used in the portal for multiple applications like Geolocation and Audit Events.
- Also, a user viewing their own public IP is not considered a vulnerability/ threat.
- The user has multiple options to check their public IP from the browser level including Google and other websites, and this way the IP is only visible to the user checking it, and not to any other user/ stranger.
Additional Information
- In some cases, the source code may display an internal IP due to misconfigured frontend servers or load balancers. For more information, see:
Did this article resolve your issue ?
