You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Jobish P <jo...@ncsi.iisc.ernet.in> on 2005/04/04 12:46:31 UTC

IP based restriction

Hi all,

I am a newbie to Tomcat. I have installed Tomcat 5.0.19 on Redhat LInux 9,
and going fine. I would like to restrict some of my directories to certain
IP's only, say a range of IP. How can I restrict access to a directory in
/tomcat/webappas/ROOT on the basis of IP ? I tried with valves, but not
sure how to restrict the restriction only to particular directories.

It will be of nice if you could provide a solution,

cheers,
-------------------------------------------------------------------------------
JOBISH P
NCSI
Indian Institute of Science
Bangalore-12
--------------------------------------------------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: IP based restriction

Posted by Tim Funk <fu...@joedog.org>.

There is nothing that restricts on a directory level. You'd need to write 
your own servlet filter.

-Tim

Jobish P wrote:

> Hi all,
> 
> I am a newbie to Tomcat. I have installed Tomcat 5.0.19 on Redhat LInux 9,
> and going fine. I would like to restrict some of my directories to certain
> IP's only, say a range of IP. How can I restrict access to a directory in
> /tomcat/webappas/ROOT on the basis of IP ? I tried with valves, but not
> sure how to restrict the restriction only to particular directories.
> 
> It will be of nice if you could provide a solution,
>  

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: IP based restriction

Posted by haim <ha...@012.net.il>.

Try the following filer class
Add this to web.xml
<filter>
    <filter-name>AccessControl</filter-name>
        <filter-class>package.AccessControl</filter-class>   
  </filter>

  <filter-mapping>
    <filter-name>AccessControl</filter-name>
    <url-pattern>/directoryName/*</url-pattern>
  </filter-mapping>

import java.io.IOException;
import java.util.Properties;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * @author haim
 */
public class AccessControl implements Filter {

      /* (non-Javadoc)
     * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
     */
    public void init(FilterConfig arg0) throws ServletException {
        System.out.println("Init AccessControl");
       
    }
    /**
     *  Filter the pages accessing back office by their IP address prefix.
     *  The following must be set in order to keep this filter working
     *  1. Setting of the filter in the web.xml file
     *  2. Defining address prefix in the main.properties file by 
defining the
     *        key access.filter
     *  @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, 
javax.servlet.ServletResponse, javax.servlet.FilterChain)
     */
    public void doFilter(ServletRequest request, ServletResponse 
response, FilterChain chain)
         throws IOException, ServletException {
       
          HttpServletRequest httpReq = (HttpServletRequest) request;
          HttpServletResponse httpResp = (HttpServletResponse) response;
         
          String remoteAddress=request.getRemoteAddr();
          System.out.println("Backoffice Access request from "+  
remoteAddress);
          //allow only ip's starting with 10.0.
          if(remoteAddress.startsWith("10.0.")){
             
               System.out.println("Access aproved");
               
          }else{
               System.out.println("Access rejected!");
               httpResp.sendError(HttpServletResponse.SC_FORBIDDEN);
          }
             
        /*
         * Process the rest of the filter chain, if any, and ultimately
         * the requested servlet or JSP page.
         */
          chain.doFilter(request, response);
       
    }

}

Regards
Haim
Jobish P wrote:

>Hi all,
>
>I am a newbie to Tomcat. I have installed Tomcat 5.0.19 on Redhat LInux 9,
>and going fine. I would like to restrict some of my directories to certain
>IP's only, say a range of IP. How can I restrict access to a directory in
>/tomcat/webappas/ROOT on the basis of IP ? I tried with valves, but not
>sure how to restrict the restriction only to particular directories.
>
>It will be of nice if you could provide a solution,
>
>cheers,
>-------------------------------------------------------------------------------
>JOBISH P
>NCSI
>Indian Institute of Science
>Bangalore-12
>--------------------------------------------------------------------------------
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>  
>



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org