I want to restrict access to certain URLs in my Tomcat webapp. Only 3 known IP addresses should be allowed access to URLs that fit a certain pattern.
e.g. http://example.com:1234/abc/personId
How can I achieve this?
Thanks for pointing to the great source! Oh by the way (for everyone trying this method), you have to restart your Tomcat instance for the IP restriction to take effect. Furthermore, you can replace deny by allow to only allow certain IPs rather than only blocking certain IPs.
element to tell Tomcat where to look for user accounts and password information. file, configure the security settings, including which URIs to secure, which authentication method to use (BASIC, DIGEST, FORM, or CLIENT-CERT), and whether to always use HTTPS.
To restrict login for all users, complete the following steps: Click Restrict login by IP, then click Global restrictions tab . Enter the global IP address ranges (in CIDR notation) in the Restrict global login to allowed IP range field. Click Save configuration.
Use org.apache.catalina.filters.RemoteAddrFilter and map it to the URL you wish to protect. See http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#Remote_Address_Filter for configuration details.
You can do that with this in server.xml:
<Valve
    className="org.apache.catalina.valves.RemoteAddrValve"
    deny="117.40.83.*,122.224.95.*,119.255.28.*,218.8.245.*,218.85.139.*,219.117.197.*,124.89.39.*,58.18.172.*,180.153.225.*"
/>
(these are real IP addresses: owners, you know why :-|) but as you can see it is really a blocker not an enabler. A better solution would be to put Apache HTTPD in front of it with Deny All and Allow From statements, which will let you allow only the 3 IP addresses you need to access the service.