[Resin-interest] Network based security behind Apache (X-Forwarded-For)

2015-01-30 Thread Mattias Jiderhamn 
Duh, should have read 
http://www.caucho.com/resin-4.0/admin/security-authorization.xtp to the 
end...

- Original Message -
Subject: [Resin-interest] Network based security behind Apache 
(X-Forwarded-For)
Date: Fri, 30 Jan 2015 08:35:14 +0100
From: Mattias Jiderhamn mj-li...@expertsystems.se

Hi list. What options do I have if I want to use IP based security
behind an Apache proxy?

I want to use ip-constraint or resin:IfNetwork, but
request.getRemoteAddr() will always be the IP of the proxy, and the real
IP is in X-Forwarded-For header.
It seems I cannot put a Servlet filter in front of Resins
SecurityFilterChain (in which I could have wrapped the request and
overriden getRemoteAddr())?
Can I add custom com.caucho.rewrite.RequestPredicate implementations to
the SecurityFilterChain somehow...???

-- 

/Mattias


___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

[Resin-interest] Network based security behind Apache (X-Forwarded-For)

2015-01-29 Thread Mattias Jiderhamn 
Hi list. What options do I have if I want to use IP based security 
behind an Apache proxy?


I want to use ip-constraint or resin:IfNetwork, but 
request.getRemoteAddr() will always be the IP of the proxy, and the real 
IP is in X-Forwarded-For header.
It seems I cannot put a Servlet filter in front of Resins 
SecurityFilterChain (in which I could have wrapped the request and 
overriden getRemoteAddr())?
Can I add custom com.caucho.rewrite.RequestPredicate implementations to 
the SecurityFilterChain somehow...???


--

  /Mattias

___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest