You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Joshua Russell <jo...@yahoo.com> on 2003/09/09 16:29:39 UTC
Restrict access to a webapps folder based on ip
I was wondering if it was possible to restrict access to a certain
webapps folder based on the ip the packet was coming from.
So if .../webapps/app1 was for an intranet site with all ip's within a
certian range having access, and /webapps/app2 for a web-site allowing
machines with any ip.
Does this make sense to anyone? And if so is there a better solution to
hosting two applications on the same server...???Two instances of
Tomcat...different ports??
I am currently running Tomcat 4.0.6 standalone...
---------------------------------
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
Re: Restrict access to a webapps folder based on ip
Posted by Marco Tedone <mt...@jemos.org>.
Well, you may want to restrict the servlet access, not the folder access. It
could be accomplished by a servlet filter for instance, which allow access
only if the IP are within a certain range...
Marco
----- Original Message -----
From: "Joshua Russell" <jo...@yahoo.com>
To: <to...@jakarta.apache.org>
Sent: Tuesday, September 09, 2003 3:29 PM
Subject: Restrict access to a webapps folder based on ip
> I was wondering if it was possible to restrict access to a certain
> webapps folder based on the ip the packet was coming from.
>
> So if .../webapps/app1 was for an intranet site with all ip's within a
> certian range having access, and /webapps/app2 for a web-site allowing
> machines with any ip.
>
> Does this make sense to anyone? And if so is there a better solution to
> hosting two applications on the same server...???Two instances of
> Tomcat...different ports??
>
> I am currently running Tomcat 4.0.6 standalone...
>
>
>
>
> ---------------------------------
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site design software
Re: Restrict access to a webapps folder based on ip
Posted by Jon Wingfield <jo...@mkodo.com>.
Tomcat specific:
http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/valve.html
Portable:
Write a Filter which accepts/rejects based on the request ip. This could
be configured statically through init parameters within web.xml or by
JMX (or other means) on the fly ;)
caveat: ip addresses can be spoofed :(
HTH,
Jon
Joshua Russell wrote:
> I was wondering if it was possible to restrict access to a certain
> webapps folder based on the ip the packet was coming from.
>
> So if .../webapps/app1 was for an intranet site with all ip's within a
> certian range having access, and /webapps/app2 for a web-site allowing
> machines with any ip.
>
> Does this make sense to anyone? And if so is there a better solution to
> hosting two applications on the same server...???Two instances of
> Tomcat...different ports??
>
> I am currently running Tomcat 4.0.6 standalone...
>
>
>
>
> ---------------------------------
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site design software
Re: Restrict access to a webapps folder based on ip
Posted by Christopher Williams <cc...@ntlworld.com>.
Joshua,
Try something like the following:
import java.net.InetAddress;
import java.io.PrintWriter;
String remoteHost = request.getRemoteHost();
InetAddress clientAddr = InetAddress.getByName(remoteHost);
String dQuad = clientAddr.getHostAddress();
// Do something with the dotted quad address e.g., only allow
// local network access
if (!dQuad.startsWith("192.168.")) {
PrintWriter out = response.getWriter();
response.setContentType("text/plain");
out.println("Go to hell " + dQuad);
}
Ideally, this would be done in a filter servlet. Even more ideally, you'd
do this sort of filtering at the firewall level as your firewall will be
much better at spotting IP spoofing.
Chris.