Posted to users@tomcat.apache.org by "Varley, Roger" <Ro...@brake.co.uk> on 2003/04/16 13:45:59 UTC
Restrict Access to Web App to clients with a specific IP address
Hi
I'm designing a web-app that is going to be accessed via standalone Tomcat
solely by one of our customers. Is it possible to restrict access to the
web-app to a specific range of IP addresses from web.xml (or any other means
within Tomcat)?
Regards
Roger
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Restrict Access to Web App to clients with a specific IP address
Posted by Gary Gwin <to...@cafesoft.com>.
There is no way to do this with Tomcat (e.g., J2ee) declarative security
(via the deployment descriptor). However, you can do it yourself with
J2ee programmatic security using, for example, a filter to check for the
IP address.
From a security purist point of view there is "some" risk in only using
an IP address to secure a resource, as an IP address can be spoofed.
Your risk tolerance is a function of the threat of attack vs. the value
of the protected resource. A combined authentication AND IP address
access rule can greatly enhance security.
Gary
Varley, Roger wrote:
> Hi
>
> I'm designing a web-app that is going to be accessed via standalone Tomcat
> solely by one of our customers. Is it possible to restrict access to the
> web-app to a specific range of IP addresses from web.xml (or any other means
> within Tomcat)?
>
> Regards
> Roger
--
Gary Gwin
http://www.cafesoft.com
*****************************************************************
* *
* The Cafesoft Access Management System, Cams, is security *
* software that provides single sign-on authentication and *
* centralized access control for Apache, Tomcat, and custom *
* resources. *
* *
*****************************************************************
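A sketch of the filter approach Gary describes, added here as an example and not code from the thread or from Tomcat. The class name `IpRangeFilter` and the `allowedCidr` init-param are hypothetical, and the `javax.servlet` package is assumed (newer Tomcat releases use `jakarta.servlet`).

```java
import java.io.IOException;
import java.net.InetAddress;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;

/** Rejects requests whose TCP peer address is outside one configured CIDR range. */
public class IpRangeFilter implements Filter {
    private byte[] network;   // network address bytes (4 for IPv4, 16 for IPv6)
    private int prefixLen;    // number of leading bits that must match

    public void init(FilterConfig cfg) throws ServletException {
        // "allowedCidr" is a hypothetical init-param name, e.g. 203.0.113.0/24
        String cidr = cfg.getInitParameter("allowedCidr");
        if (cidr == null || cidr.indexOf('/') < 0) {
            throw new ServletException("allowedCidr must look like 203.0.113.0/24");
        }
        try {
            String[] parts = cidr.trim().split("/", 2);
            network = InetAddress.getByName(parts[0]).getAddress();
            prefixLen = Integer.parseInt(parts[1]);
        } catch (Exception e) {
            throw new ServletException("Bad allowedCidr: " + cidr, e);
        }
        if (prefixLen < 0 || prefixLen > network.length * 8) {
            throw new ServletException("Bad prefix length in: " + cidr);
        }
    }

    static boolean inRange(byte[] addr, byte[] net, int bits) {
        if (addr.length != net.length) return false;      // IPv4 vs IPv6 mismatch: deny
        int full = bits / 8, rest = bits % 8;
        for (int i = 0; i < full; i++) if (addr[i] != net[i]) return false;
        if (rest == 0) return true;
        int mask = (0xFF << (8 - rest)) & 0xFF;           // high bits of the partial byte
        return (addr[full] & mask) == (net[full] & mask);
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // getRemoteAddr() is the direct TCP peer; behind a proxy it is the proxy's address.
        byte[] peer = InetAddress.getByName(req.getRemoteAddr()).getAddress();
        if (inRange(peer, network, prefixLen)) {
            chain.doFilter(req, res);                     // web.xml authentication still applies
        } else {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }
    public void destroy() { }
}
```

The filter is registered in web.xml with a `<filter>` entry carrying the init-param and a `<filter-mapping>` covering the protected URL pattern; keeping the login constraint in place gives the combined authentication AND IP address rule mentioned above.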