tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Turner, John" <JTur...@AAS.com>
Subject RE: limiting access by IP address
Date Tue, 07 Jan 2003 17:07:02 GMT

Aw, come on, a commercial solicitation on an open source product mailing
list?  You have to be kidding me.  Training, books and seminars are one
thing, but there's no need to advertise your product here.  You can do the
same things with Valves and Filters for free.

John


> -----Original Message-----
> From: Gary Gwin [mailto:tomcat@cafesoft.com]
> Sent: Tuesday, January 07, 2003 11:59 AM
> To: Tomcat Users List
> Subject: Re: limiting access by IP address
> 
> 
> You can do this using our Cams access management product with Tomcat 
> (see http://www.cafesoft.com). The XML looks like this:
> 
>         <!-- Example 4 - allow access to only host "127.0.0.1" -->
>         <host-acr id="allow ip rule">
>             <allow-address>
>                 <address>127.0.0.1</address>
>             </allow-address>
>         </host-acr>
> 
>         <!-- Example 6 - allow access only to "localhost" -->
>         <host-acr id="allow host rule">
>             <allow-host>
>                 <host>localhost</host>
>             </allow-host>
>         </host-acr>
> 
> Note that rules based on hostnames should be considered 
> "risky" as they 
> are subject to DNS lookups resolving.
> 
> With Cams, you can also chain rules with operators. So, you 
> could make a 
> rule like:
> 
>         <!-- Allow only authenticated users with role 
> "manager" from the 
> internal LAN -->
>         <acr id=allow managers from LAN">
>             <role-constraint>
>                 <role-name>manager</role-name>
>                 
> <role-class>com.cafesoft.cams.auth.CSUserPrincipal</role-class>
>             </role-constraint>
>             <and/>
>             <allow-address>
>                 <address>192.168.0</address>
>             </allow-address>
>         </acr>
> 
> Gary
> 
> icewind wrote:
> 
> >Could anyone tell me how to limit access to a
> >particular servlet by IP address or hostname?
> >
> >Any pointer to documentation that cover this topic
> >would be appreciated.
> >
> >__________________________________________________
> >Do you Yahoo!?
> >Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> >http://mailplus.yahoo.com
> >
> >--
> >To unsubscribe, e-mail:   
<mailto:tomcat-user-unsubscribe@jakarta.apache.org>
>For additional commands, e-mail:
<mailto:tomcat-user-help@jakarta.apache.org>
>
>  
>

-- 

Gary Gwin
http://www.cafesoft.com

*****************************************************************
*                                                               *
*   The Cafesoft Access Management System, Cams, is security    *
*   software that provides single sign-on authentication and    *
*   centralized access control for Apache, Tomcat, and custom   *
*   resources.                                                  *
*                                                               *
*****************************************************************



--
To unsubscribe, e-mail:
<mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail:
<mailto:tomcat-user-help@jakarta.apache.org>

--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message