tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jaikit Savla <>
Subject Authenticate requests from localhost using tomcat RemoteAddrFilter
Date Sat, 22 Sep 2012 22:04:12 GMT
Hello Users,

I have some admin api's which I want to have restricted access - such that only if the request
originates from localhost - it will execute.
For that I am using tomcat's RemoteAddrfilter

      <filter-name>Remote Address Filter</filter-name>
      <filter-name>Remote Address Filter</filter-name>

Now when I execute the request from localhost - request fails with 403. Reason being "REMOTE_ADDR"
is set with actual ip of the machine and filter does string comparison of ip. Hence it fails.
Any clue on how to resolve this use case ?

-bash-4.1$ curl -v http://localhost/ws/local/info
* About to connect() to localhost port 80 (#0)
*   Trying connected
* Connected to localhost ( port 80 (#0)
> GET /ws/local/vip/info HTTP/1.1
> User-Agent: curl/7.21.7 (x86_64-unknown-linux-gnu) libcurl/7.21.7 OpenSSL/0.9.8o zlib/1.2.3
libidn/1.18 libssh2/1.2.2
> Host: localhost
> Accept: */*
< HTTP/1.1 403 Forbidden

Appreciate any help.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message