I made a CMS application using JSP and servlet. I am not using any kind of framework. The CMS has 2 parts:
If I hosted it on www.example.com
, for example, then all my frond end site will show for all users.
But www.example.com/admin
must be accessible from a couple of IP addresses. Not from all the users.
I found these links:
Link 1 looks bit confusing and Link 2 looks good, but I am not using JBoss.
In the Stack Overflow link they did not mention how to use it.
As far as I understand from your question you use the Apache Tomcat
as a web server. In that case use Remote Address Filter to restrict access by IP address. It allows comparing IP of the requesting client with regular expressions to either allow or prevent the request based on the results of the comparison.
If you use Tomcat 7 you need use class RemoteAddrFilter and define regular expressions for necessary IP in the application's configuration file web.xml
:
<filter>
<filter-name>Remote Address Filter</filter-name>
<filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
<init-param>
<param-name>allow</param-name> <!-- or deny -->
<param-value>10\.10\.1[12]\..*</param-value> <!-- regexp for your ip adress -->
</init-param>
</filter>
<filter-mapping>
<filter-name>Remote Address Filter</filter-name>
<url-pattern>*/admin</url-pattern> <!-- the url of your admin page -->
</filter-mapping>
You can use hardcoded specific IP address or regular expression patterns. But in some cases regular expressions gives you a lot of flexibility in validation of addresses.
And if you use 6 or 5 version of Tomcat you need use class RemoteAddrValve and define following line in Tomcat's configuration file server.xml
:
<Valve className=”org.apache.catalina.valves.RemoteAddrValve” allow=”10\.10\.1[12]\..*”/>
or
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
deny="86.57.158.37, 213.117.195.*, 124.86.42.*" />
More information about using request filter valves.
And interesting article about securing the administrative web apps with Tomcat.
And by the way there's convenient to not deny requests from localhost
for testing. So it makes sense to add 127\.0\.0\.1
to your allowable range of IP adresses.
But don't forget that in some cases a proxy server can be used to get around the IP block. Apply also login authentication for better security.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With