tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jaikit Savla <jaikit.sa...@yahoo.com>
Subject Authenticate requests from localhost using tomcat RemoteAddrFilter
Date Sat, 22 Sep 2012 22:04:12 GMT
Hello Users,

I have some admin api's which I want to have restricted access - such that only if the request
originates from localhost - it will execute.
For that I am using tomcat's RemoteAddrfilter

<filter>
      <filter-name>Remote Address Filter</filter-name>
      <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
      <init-param>
        <param-name>allow</param-name>
        <param-value>127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1</param-value>
      </init-param>
    </filter>
    <filter-mapping>
      <filter-name>Remote Address Filter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>
</filter>

Now when I execute the request from localhost - request fails with 403. Reason being "REMOTE_ADDR"
is set with actual ip of the machine and filter does string comparison of ip. Hence it fails.
Any clue on how to resolve this use case ?




-bash-4.1$ curl -v http://localhost/ws/local/info
* About to connect() to localhost port 80 (#0)
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /ws/local/vip/info HTTP/1.1
> User-Agent: curl/7.21.7 (x86_64-unknown-linux-gnu) libcurl/7.21.7 OpenSSL/0.9.8o zlib/1.2.3
libidn/1.18 libssh2/1.2.2
> Host: localhost
> Accept: */*
> 
< HTTP/1.1 403 Forbidden

Appreciate any help.

Thanks
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message