I have not yet tried playing with the firewall. I was thinking along the lines of adding a capability in the filter to find out whether the request originated from localhost. Right now it just does a string comparison.

Jaikit

----- Original Message -----
From: Ralph Plawetzki <ra...@purejava.org>
To: Tomcat Users List <users@tomcat.apache.org>
Cc:
Sent: Saturday, September 22, 2012 10:41 PM
Subject: Re: Authenticate requests from localhost using tomcat RemoteAddrFilter

Jaikit,

On 23.09.2012 00:04, Jaikit Savla wrote:
> Hello Users,
>
> I have some admin api's which I want to have restricted access - such that
> only if the request originates from localhost - it will execute.
> For that I am using tomcat's RemoteAddrfilter

What exactly do you mean with admin api's?

> <filter>
>   <filter-name>Remote Address Filter</filter-name>
>   <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
>   <init-param>
>     <param-name>allow</param-name>
>     <param-value>127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1</param-value>
>   </init-param>
> </filter>
> <filter-mapping>
>   <filter-name>Remote Address Filter</filter-name>
>   <url-pattern>/*</url-pattern>
> </filter-mapping>

See http://www.oracle.com/technetwork/java/filters-137243.html

"A filter dynamically intercepts requests and responses to transform or
use the information contained in the requests or responses."

So this is something that is part of a web application which is running
on tomcat.

> Now when I execute the request from localhost - request fails with 403.
> Reason being "REMOTE_ADDR" is set with actual ip of the machine and filter
> does string comparison of ip. Hence it fails.
> Any clue on how to resolve this use case ?
>
> -bash-4.1$ curl -v http://localhost/ws/local/info
> * About to connect() to localhost port 80 (#0)
> *   Trying 127.0.0.1... connected
> * Connected to localhost (127.0.0.1) port 80 (#0)
>> GET /ws/local/vip/info HTTP/1.1
>> User-Agent: curl/7.21.7 (x86_64-unknown-linux-gnu) libcurl/7.21.7 OpenSSL/0.9.8o zlib/1.2.3 libidn/1.18 libssh2/1.2.2
>> Host: localhost
>> Accept: */*
>>
> < HTTP/1.1 403 Forbidden

I am guessing here: if you want to restrict access to your tomcat server
to certain clients, you could solve this by configuring your firewall
accordingly.

Ralph

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
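
The idea raised at the top of this thread, checking whether a request really originated on the local machine instead of matching the address string against a pattern, could look like the following. This is an added example, not code from the thread or from Tomcat: the class `LocalOriginCheck` and its method names are hypothetical, the pattern check only models a whole-string regex match, and it assumes Tomcat receives the client connection directly (behind a proxy on the same host every request would appear local).

```java
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.net.SocketException;
import java.net.UnknownHostException;
import java.util.regex.Pattern;

// Added example; LocalOriginCheck and its methods are hypothetical names.
public class LocalOriginCheck {

    // The allow pattern from the web.xml quoted in the thread.
    static final Pattern ALLOW =
        Pattern.compile("127\\.\\d+\\.\\d+\\.\\d+|::1|0:0:0:0:0:0:0:1");

    // Models the string comparison: the whole address must match the pattern,
    // so the machine's own non-loopback address is rejected.
    static boolean allowedByPattern(String remoteAddr) {
        return ALLOW.matcher(remoteAddr).matches();
    }

    // Alternative: treat the address as local if it is a loopback address or
    // is assigned to one of this host's network interfaces.
    static boolean isLocalAddress(String remoteAddr) {
        try {
            // remoteAddr is expected to be an IP literal, as returned by
            // ServletRequest.getRemoteAddr(), so no DNS lookup takes place.
            InetAddress addr = InetAddress.getByName(remoteAddr);
            return addr.isLoopbackAddress()
                || NetworkInterface.getByInetAddress(addr) != null;
        } catch (UnknownHostException | SocketException e) {
            return false; // fail closed on anything that cannot be checked
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: loopback literals, the address that
        // getLocalHost() resolves for this machine, and an RFC 5737
        // documentation address standing in for a remote client.
        String own = InetAddress.getLocalHost().getHostAddress();
        String[] samples = {"127.0.0.1", "0:0:0:0:0:0:0:1", own, "192.0.2.10"};
        for (String a : samples) {
            System.out.printf("%-20s pattern=%-5b local=%b%n",
                a, allowedByPattern(a), isLocalAddress(a));
        }
    }
}
```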