tomcat-users mailing list archives

From Ralph Plawetzki <ra...@purejava.org>
Subject Re: Authenticate requests from localhost using tomcat RemoteAddrFilter
Date Sun, 23 Sep 2012 05:41:46 GMT
Jaikit,

On 23.09.2012 00:04, Jaikit Savla wrote:
> Hello Users,
> 
> I have some admin api's which I want to have restricted access - such that only if the request originates from localhost - it will execute.
> For that I am using tomcat's RemoteAddrfilter
What exactly do you mean by admin APIs?

> <filter>
>   <filter-name>Remote Address Filter</filter-name>
>   <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
>   <init-param>
>     <param-name>allow</param-name>
>     <param-value>127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1</param-value>
>   </init-param>
> </filter>
> <filter-mapping>
>   <filter-name>Remote Address Filter</filter-name>
>   <url-pattern>/*</url-pattern>
> </filter-mapping>
See http://www.oracle.com/technetwork/java/filters-137243.html
"A filter dynamically intercepts requests and responses to transform or
use the information contained in the requests or responses." So this is
something that is part of a web application which is running on tomcat.

> Now when I execute the request from localhost - request fails with 403. Reason being "REMOTE_ADDR" is set with actual ip of the machine and filter does string comparison of ip. Hence it fails.
> Any clue on how to resolve this use case?
>
> -bash-4.1$ curl -v http://localhost/ws/local/info
> * About to connect() to localhost port 80 (#0)
> *   Trying 127.0.0.1... connected
> * Connected to localhost (127.0.0.1) port 80 (#0)
>> GET /ws/local/vip/info HTTP/1.1
>> User-Agent: curl/7.21.7 (x86_64-unknown-linux-gnu) libcurl/7.21.7 OpenSSL/0.9.8o zlib/1.2.3 libidn/1.18 libssh2/1.2.2
>> Host: localhost
>> Accept: */*
>>  
> < HTTP/1.1 403 Forbidden

I am guessing here: if you want to restrict access to your tomcat server
to certain clients, you could solve this by configuring your firewall
accordingly.

Ralph

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
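
Added example, not part of the original messages and not Tomcat's own code: a small Python model of the allow/deny decision, run against the `allow` pattern quoted in the thread. It assumes the filter matches the whole address string against the pattern and tests deny before allow; the sample addresses are constructed, with 192.0.2.10 standing in for the machine's actual IP.

```python
import re

# "allow" value copied from the web.xml quoted in the thread.
ALLOW = r"127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"

# Constructed sample addresses; 192.0.2.10 (documentation range) stands in
# for "the actual ip of the machine" mentioned in the question.
SAMPLES = [
    ("127.0.0.1", "IPv4 loopback"),
    ("127.10.20.30", "anywhere in 127/8"),
    ("::1", "IPv6 loopback, short form"),
    ("0:0:0:0:0:0:0:1", "IPv6 loopback, long form"),
    ("192.0.2.10", "machine's own non-loopback address"),
    ("10.127.0.0.1", "loopback text embedded in a longer string"),
]


def is_allowed(remote_addr, allow=None, deny=None):
    """Simplified model (assumption): whole-string regex match, deny wins."""
    if deny is not None and re.fullmatch(deny, remote_addr):
        return False
    if allow is not None and re.fullmatch(allow, remote_addr):
        return True
    # Only a deny pattern configured: anything not denied passes.
    return deny is not None and allow is None


def evaluate(samples=SAMPLES, allow=ALLOW, deny=None):
    """Return (address, note, HTTP status) for each sample address."""
    return [
        (addr, note, 200 if is_allowed(addr, allow, deny) else 403)
        for addr, note in samples
    ]


if __name__ == "__main__":
    for addr, note, status in evaluate():
        print(f"{status}  {addr:<18} {note}")
```

The 403 in the thread corresponds to the fifth row: the address the filter receives is not a loopback address, so no alternative of the pattern matches it.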

