Webapp security by IP range

["Cope, Jared" <ja...@afxnews.com>]

Hi,

I was wondering if it is possible to apply some webapp security that will
kick in for connections made from a certain IP range, and will not kick in
for another set of IP ranges.

The scenario is that I want users on our Intranet subnet to not have to
authenticate, but if users visit the site from their home Internet
connection then they do have to authenticate.

I can't seem to find any examples in the Tomcat manual or web that define a
security realm by IP range. Has anyone had any success with this?

Cheers, Jared.

Re: Webapp security by IP range

[Mark Thomas <ma...@apache.org>]

Cope, Jared wrote:
> I was wondering if it is possible to apply some webapp security that will
> kick in for connections made from a certain IP range, and will not kick in
> for another set of IP ranges.

How about:
  - deploy the app twice under different contexts
  - use a remote address filter valve for the internal users
  - use normal web app security for the external users

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org