tomcat-users mailing list archives

From Gary Gwin <tom...@cafesoft.com>
Subject Re: limiting access by IP address
Date Tue, 07 Jan 2003 16:59:10 GMT
You can do this using our Cams access management product with Tomcat 
(see http://www.cafesoft.com). The XML looks like this:

        <!-- Example 4 - allow access to only host "127.0.0.1" -->
        <host-acr id="allow ip rule">
            <allow-address>
                <address>127.0.0.1</address>
            </allow-address>
        </host-acr>

        <!-- Example 6 - allow access only to "localhost" -->
        <host-acr id="allow host rule">
            <allow-host>
                <host>localhost</host>
            </allow-host>
        </host-acr>

Note that rules based on hostnames should be considered "risky" as they 
are subject to DNS lookups resolving.

With Cams, you can also chain rules with operators. So, you could make a 
rule like:

        <!-- Allow only authenticated users with role "manager" from the internal LAN -->
        <acr id="allow managers from LAN">
            <role-constraint>
                <role-name>manager</role-name>
                <role-class>com.cafesoft.cams.auth.CSUserPrincipal</role-class>
            </role-constraint>
            <and/>
            <allow-address>
                <address>192.168.0</address>
            </allow-address>
        </acr>

Gary

icewind wrote:

>Could anyone tell me how to limit access to a
>particular servlet by IP address or hostname?
>
>Any pointer to documentation that cover this topic
>would be appreciated.
>
>--
>To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
>For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>

-- 

Gary Gwin
http://www.cafesoft.com

*****************************************************************
*                                                               *
*   The Cafesoft Access Management System, Cams, is security    *
*   software that provides single sign-on authentication and    *
*   centralized access control for Apache, Tomcat, and custom   *
*   resources.                                                  *
*                                                               *
*****************************************************************
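
The LAN rule in the message above is written as a partial address, and the message does not say how Cams compares it. As an added example (not Cams or Tomcat code; the class `Ipv4CidrRule` and the sample addresses are hypothetical), this is an address check done on parsed octets against a CIDR block, printed beside a plain text-prefix comparison so the difference is visible for a prefix such as `192.168.1`, which as text also covers `192.168.10.x` and `192.168.100.x`.

```java
// Added example (hypothetical class, not Cams or Tomcat code).
public class Ipv4CidrRule {
    private final int network;
    private final int mask;

    public Ipv4CidrRule(String cidr) {
        String[] parts = cidr.split("/", -1);
        if (parts.length != 2 || !parts[1].matches("\\d{1,2}")) {
            throw new IllegalArgumentException("expected a.b.c.d/n: " + cidr);
        }
        int bits = Integer.parseInt(parts[1]);
        if (bits > 32) {
            throw new IllegalArgumentException("prefix length over 32: " + cidr);
        }
        mask = (bits == 0) ? 0 : -1 << (32 - bits);
        network = parse(parts[0]) & mask;
    }

    // Parses strict dotted-quad text; never performs a DNS lookup.
    static int parse(String text) {
        String[] octets = text.split("\\.", -1);
        if (octets.length != 4) {
            throw new IllegalArgumentException("not an IPv4 literal: " + text);
        }
        int value = 0;
        for (String octet : octets) {
            if (!octet.matches("\\d{1,3}") || Integer.parseInt(octet) > 255) {
                throw new IllegalArgumentException("not an IPv4 literal: " + text);
            }
            value = (value << 8) | Integer.parseInt(octet);
        }
        return value;
    }

    // Deny by default: null or anything that is not a valid IPv4 literal is rejected.
    public boolean allows(String remoteAddr) {
        try {
            return remoteAddr != null && (parse(remoteAddr) & mask) == network;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        Ipv4CidrRule lan = new Ipv4CidrRule("192.168.1.0/24");
        // Constructed sample addresses.
        for (String ip : new String[] {"192.168.1.7", "192.168.10.7", "192.168.100.7", "10.0.0.1"}) {
            System.out.println(ip + " cidr=" + lan.allows(ip) + " textPrefix=" + ip.startsWith("192.168.1"));
        }
    }
}
```

In a servlet filter the value to pass to `allows` would be `request.getRemoteAddr()`. Behind a reverse proxy that value is the proxy's address, so the rule then has to be enforced at the proxy or against a client address the proxy is trusted to supply.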


