Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Give access to JSP file/folder only for particular IP address

I made a CMS application using JSP and servlet. I am not using any kind of framework. The CMS has 2 parts:

  1. Front end
  2. Admin (Back end)

If I hosted it on www.example.com, for example, then all my frond end site will show for all users.

But www.example.com/admin must be accessible from a couple of IP addresses. Not from all the users.

I found these links:

  • link 1
  • link 2
  • Stack Overflow link

Link 1 looks bit confusing and Link 2 looks good, but I am not using JBoss.

In the Stack Overflow link they did not mention how to use it.

like image 382
KuKu Avatar asked Aug 19 '12 13:08

KuKu


Video Answer


1 Answers

As far as I understand from your question you use the Apache Tomcat as a web server. In that case use Remote Address Filter to restrict access by IP address. It allows comparing IP of the requesting client with regular expressions to either allow or prevent the request based on the results of the comparison.

If you use Tomcat 7 you need use class RemoteAddrFilter and define regular expressions for necessary IP in the application's configuration file web.xml:

<filter>
   <filter-name>Remote Address Filter</filter-name>
   <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
   <init-param>
      <param-name>allow</param-name> <!-- or deny -->
      <param-value>10\.10\.1[12]\..*</param-value> <!-- regexp for your ip adress -->
   </init-param>
</filter>
<filter-mapping>
   <filter-name>Remote Address Filter</filter-name>
   <url-pattern>*/admin</url-pattern> <!-- the url of your admin page -->
</filter-mapping>

You can use hardcoded specific IP address or regular expression patterns. But in some cases regular expressions gives you a lot of flexibility in validation of addresses.

And if you use 6 or 5 version of Tomcat you need use class RemoteAddrValve and define following line in Tomcat's configuration file server.xml:

<Valve className=”org.apache.catalina.valves.RemoteAddrValve” allow=”10\.10\.1[12]\..*”/> 

or

 <Valve className="org.apache.catalina.valves.RemoteAddrValve"
    deny="86.57.158.37, 213.117.195.*, 124.86.42.*" /> 

More information about using request filter valves.

And interesting article about securing the administrative web apps with Tomcat.

And by the way there's convenient to not deny requests from localhost for testing. So it makes sense to add 127\.0\.0\.1 to your allowable range of IP adresses.

But don't forget that in some cases a proxy server can be used to get around the IP block. Apply also login authentication for better security.

like image 119
kapandron Avatar answered Sep 20 '22 00:09

kapandron