Posted to users@tomcat.apache.org by "Varley, Roger" <Ro...@brake.co.uk> on 2003/04/16 13:45:59 UTC

Restrict Access to Web App to clients with a specific IP address

Hi

I'm designing a web-app that is going to be accessed via standalone Tomcat
solely by one of our customers. Is it possible to restrict access to the
web-app to a specific range of IP addresses from web.xml (or any other means
within Tomcat)? 

Regards
Roger

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Re: Restrict Access to Web App to clients with a specific IP address

Posted by Gary Gwin <to...@cafesoft.com>.
There is no way to do this with Tomcat (e.g., J2EE) declarative security 
(via the deployment descriptor). However, you can do it yourself with 
J2EE programmatic security using, for example, a filter to check for the 
IP address.

From a security purist point of view there is "some" risk in only using 
an IP address to secure a resource, as an IP address can be spoofed. 
Your risk tolerance is a function of the threat of attack vs. the value 
of the protected resource. A combined authentication AND IP address 
access rule can greatly enhance security.

Gary

Varley, Roger wrote:
> Hi
> 
> I'm designing a web-app that is going to be accessed via standalone Tomcat
> solely by one of our customers. Is it possible to restrict access to the
> web-app to a specific range of IP addresses from web.xml (or any other means
> within Tomcat)? 
> 
> Regards
> Roger

-- 

Gary Gwin
http://www.cafesoft.com

*****************************************************************
*                                                               *
*   The Cafesoft Access Management System, Cams, is security    *
*   software that provides single sign-on authentication and    *
*   centralized access control for Apache, Tomcat, and custom   *
*   resources.                                                  *
*                                                               *
*****************************************************************
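
The filter approach suggested in the reply above, as an added example that is not part of the original post or of Tomcat itself: a servlet filter that admits only clients inside one CIDR block and answers everyone else with 403. The class name `IpRangeFilter` and the `allowedCidr` init-param are hypothetical, and the `javax.servlet` package is an assumption matching the Servlet 2.3 era of this thread (current Tomcat releases use `jakarta.servlet`).

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;
/** Added example: allow only clients inside one CIDR block; everything else gets 403. */
public class IpRangeFilter implements Filter {
    private byte[] network;   // network address bytes (4 for IPv4, 16 for IPv6)
    private int prefixLen;    // number of leading bits that must match

    public void init(FilterConfig cfg) throws ServletException {
        // "allowedCidr" is a hypothetical init-param, e.g. 192.0.2.0/24 (documentation range)
        String cidr = cfg.getInitParameter("allowedCidr");
        try {
            String[] parts = cidr.trim().split("/");
            network = InetAddress.getByName(parts[0]).getAddress();
            prefixLen = Integer.parseInt(parts[1]);
            if (prefixLen < 0 || prefixLen > network.length * 8) throw new IllegalArgumentException();
        } catch (Exception e) {
            // Fail closed: a missing or malformed range must not leave the app open.
            throw new ServletException("Invalid allowedCidr: " + cidr, e);
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (inRange(req.getRemoteAddr())) {
            chain.doFilter(req, res);
        } else {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    boolean inRange(String remoteAddr) {
        byte[] addr;
        try {
            addr = InetAddress.getByName(remoteAddr).getAddress(); // literal IP, no DNS lookup
        } catch (UnknownHostException e) {
            return false; // unparseable address is treated as outside the range
        }
        if (addr.length != network.length) return false; // IPv4 vs IPv6 mismatch
        for (int bit = 0; bit < prefixLen; bit++) {
            int mask = 0x80 >> (bit % 8);
            if ((addr[bit / 8] & mask) != (network[bit / 8] & mask)) return false;
        }
        return true;
    }
    public void destroy() { }
}
```

The filter is registered in `web.xml` with a `<filter>` element carrying the `allowedCidr` init-param and a `<filter-mapping>` for `/*`. Behind a reverse proxy `getRemoteAddr()` returns the proxy's address, so the check belongs where the client connection actually terminates, alongside authentication as the reply recommends.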

