Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Give access to JSP file/folder only for particular IP address

Tags:

jsp

servlets

tomcat

ip

I made a CMS application using JSP and servlet. I am not using any kind of framework. The CMS has 2 parts:

  1. Front end
  2. Admin (Back end)

If I hosted it on www.example.com, for example, then all my frond end site will show for all users.

But www.example.com/admin must be accessible from a couple of IP addresses. Not from all the users.

I found these links:

  • link 1
  • link 2
  • Stack Overflow link

Link 1 looks bit confusing and Link 2 looks good, but I am not using JBoss.

In the Stack Overflow link they did not mention how to use it.

like image 382
KuKu Avatar asked Aug 19 '12 13:08

KuKu

Video Answer

1 Answers

As far as I understand from your question you use the Apache Tomcat as a web server. In that case use Remote Address Filter to restrict access by IP address. It allows comparing IP of the requesting client with regular expressions to either allow or prevent the request based on the results of the comparison.

If you use Tomcat 7 you need use class RemoteAddrFilter and define regular expressions for necessary IP in the application's configuration file web.xml:

<filter>
   <filter-name>Remote Address Filter</filter-name>
   <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
   <init-param>
      <param-name>allow</param-name> <!-- or deny -->
      <param-value>10\.10\.1[12]\..*</param-value> <!-- regexp for your ip adress -->
   </init-param>
</filter>
<filter-mapping>
   <filter-name>Remote Address Filter</filter-name>
   <url-pattern>*/admin</url-pattern> <!-- the url of your admin page -->
</filter-mapping>

You can use hardcoded specific IP address or regular expression patterns. But in some cases regular expressions gives you a lot of flexibility in validation of addresses.

And if you use 6 or 5 version of Tomcat you need use class RemoteAddrValve and define following line in Tomcat's configuration file server.xml:

<Valve className=”org.apache.catalina.valves.RemoteAddrValve” allow=”10\.10\.1[12]\..*”/>

or

 <Valve className="org.apache.catalina.valves.RemoteAddrValve"
    deny="86.57.158.37, 213.117.195.*, 124.86.42.*" />

More information about using request filter valves.

And interesting article about securing the administrative web apps with Tomcat.

And by the way there's convenient to not deny requests from localhost for testing. So it makes sense to add 127\.0\.0\.1 to your allowable range of IP adresses.

But don't forget that in some cases a proxy server can be used to get around the IP block. Apply also login authentication for better security.

like image 119
kapandron Avatar answered Sep 20 '22 00:09

kapandron
Sign in to Comment

Related questions

Jersey with MVC Templates and Tomcat
The attribute prefix fn does not correspond to any imported tag library
Authorization header in Http Request in linkedin
Invalid location of tag <div> in JSP
Servlet - java.lang.IllegalStateException: getWriter() has already been called for this response
How can I reuse HTML/JSP within a page?
JSP in /WEB-INF returns "HTTP Status 404 The requested resource is not available"
Where does Glassfish 2.1 stores cached JSP?
Session shared in between tabs
Video download/stream using Java servlet
How can I hide the JSP file in WEB-INF folder? [duplicate]
Redirect to custom error page if there is error in the page
Print a Duration in human readable format by EL
Maven project configuration required for module not available
Encoding problems in JSP
Place the business logic in Java Beans?
How to develop Java webapps in a Ruby on Rails-like way?
JSP EL ${stuff} syntax not working
Validating a pdf file other than its extension in javascript?
How to call a servlet on jsp page load? [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!