How to block part of application based on ip filtering
Hello all im using tomcat as the web server , and i have reverse proxy that redirect to the tomcat i like to be able to restrict the users that redirected from the reverse proxy server to be able to enter only one section of the application . now i was reading the configuration and i found only the possibility to allow / deny based on ip with : org.apache.catalina.valves.RemoteAddrValve , but how can i allow from ip x to enter only section Y of the application . thanks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to block part of application based on ip filtering
--- On Sun, 8/24/08, Meir Yanovich [EMAIL PROTECTED] wrote: From: Meir Yanovich [EMAIL PROTECTED] Subject: How to block part of application based on ip filtering To: users@tomcat.apache.org Date: Sunday, August 24, 2008, 7:38 AM Hello all im using tomcat as the web server , and i have reverse proxy that redirect to the tomcat i like to be able to restrict the users that redirected from the reverse proxy server to be able to enter only one section of the application . now i was reading the configuration and i found only the possibility to allow / deny based on ip with : org.apache.catalina.valves.RemoteAddrValve , but how can i allow from ip x to enter only section Y of the application . thanks Hi Meir, I think the only possible approach is within the application itself since you want to limit access to certain portions of the application. You can use the request.getRemoteAddr() of the HttpServletRequest. If you store the information (URL IP) in the database, you can change it dynamically as you need to :). Also, you can log for repeated attempts of hacking ;) Regards, Tommy - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to block part of application based on ip filtering
- Original Message - From: Meir Yanovich [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Sunday, August 24, 2008 1:38 PM Subject: How to block part of application based on ip filtering Hello all im using tomcat as the web server , and i have reverse proxy that redirect to the tomcat i like to be able to restrict the users that redirected from the reverse proxy server to be able to enter only one section of the application . now i was reading the configuration and i found only the possibility to allow / deny based on ip with : org.apache.catalina.valves.RemoteAddrValve , but how can i allow from ip x to enter only section Y of the application . thanks Meir... I'm not sure TC can help you... I think this because the whole idea of a reverse proxy is that it invisible to TC... I think. ie Apache is going to make headers and all the rest look like they from a normal browser... I think Have a look at this http://www.mail-archive.com/users@tomcat.apache.org/msg46654.html May give you some idea's... that clever guy used apache to restrict access using apaches rewrites... Maybe you could do something like make apache add a special header... and then TC would know its from the proxy. There maybe someheader i'm unaware of... but idea is if you can detect a special header, then TC can reject from the servlet or ip filter... ie either do all the logic in Apache or... make apache identify that it handled it, then do it in TC... ... guessing here... I try something like this Then normal requests to TC go everywhere... Apache is a half blocked gateway... maybe ;) --- HARBOR : http://www.kewlstuff.co.za/index.htm The most powerful application server on earth. The only real POJO Application Server. See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm --- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]