Menu
I am trying to restrict what URLs can be accessed on my tomcat server based on IP address. What I am trying to do is allow access to everywhere when tomcat is accessed via loopback addresses (i.e. localhost) and only allow access to certain areas for all other remote IPs. I have the following two filters in conf/web.xml but they are not behaving as I would like. Right now all remote access is being denied (not what I want) and all local access is being allowed (what I want). I can't get tomcat to allow all IP addresses to access /terms/, /help/, etc.
Any pointers greatly appreciated.
<!-- ================== Built In Filter Definitions ===================== -->
<filter>
<filter-name>Restrict Remote Filter</filter-name>
<filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
<init-param>
<param-name>allow</param-name>
<param-value>\d+\.\d+\.\d+\.\d+</param-value> <!-- for any IP address, * not allowed here -->
</init-param>
</filter>
<filter-mapping>
<filter-name>Restrict Remote Filter</filter-name>
<url-pattern>/terms/*, /help/*, /messagebroker/*</url-pattern> <!-- allow access to these areas only -->
</filter-mapping>
<filter>
<filter-name>Allow Localhost Filter</filter-name>
<filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
<init-param>
<param-name>allow</param-name>
<param-value>127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1</param-value> <!-- for localhost access… -->
</init-param>
</filter>
<filter-mapping>
<filter-name>Allow Localhost Filter</filter-name>
<url-pattern>/*</url-pattern> <!-- access all areas -->
</filter-mapping>
635
<url-pattern>/terms/*, /help/*, /messagebroker/*</url-pattern>
try separate url-pattern for each pattern, as far as I know, character "," (comma) is not recognized as special character, but a part of your url. Try this:
<url-pattern>/terms/*</url-pattern>
<url-pattern>/help/*</url-pattern>
<url-pattern>/messagebroker/*</url-pattern>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
