stackoom
  简体   繁体   中英

Block access by IP Address Range on Tomcat 7 when accessing URL

 原文  2017-01-18 10:54:00       java/ tomcat

Question

How do you configure the web.xml file on tomcat/application such that the following can be achieved:

Allowed:

  • localhost/app/foo/bar/*

Disallowed:

  • localhost/app/foo

Is there a way to do it without changing the source code? Changing the web.xml file is ok.

I've read http://www.jvmhost.com/articles/block-ip-address-apache-tomcat-filter but this alone doesn't solve the problem.

I've tried the following: 

<filter>
    <filter-name>Remote IP Filter</filter-name>
    <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
    <init-param>
        <param-name>deny</param-name>
        <param-value>^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$</param-value>
    </init-param>

    <init-param>
        <param-name>denyStatus</param-name>
        <param-value>403</param-value>
    </init-param>
</filter>
<filter>
    <filter-name>Allow quickview</filter-name>
    <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
    <init-param>
        <param-name>allow</param-name>
        <param-value>^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$</param-value>
    </init-param>

    <init-param>
        <param-name>denyStatus</param-name>
        <param-value>403</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>Allow quickview</filter-name>
    <url-pattern>/foo/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>Remote IP Filter</filter-name>
    <url-pattern>/</url-pattern>
</filter-mapping>

Thanks!

2 answers

solution1
 0  2017-01-20 14:09:24

Your <url-pattern> s don't match the requirements stated in the question. You said you wanted to disallow /app/foo/* but allow /app/foo . You want this, then: 

<filter-mapping>
    <filter-name>Allow quickview</filter-name>
    <url-pattern>/foo/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>Remote IP Filter</filter-name>
    <url-pattern>/foo</url-pattern>
</filter-mapping>

solution2
 0 ACCPTED  2017-02-15 12:31:08

In the end i solved this by doing the following: 

<filter-mapping>
    <filter-name>Allow quickview</filter-name>
    <url-pattern>/foo/*</url-pattern>
</filter-mapping>

<!-- disallowed, will throw 403 -->
<filter-mapping>
    <filter-name>Remote IP Filter</filter-name>
    <url-pattern>/foo/index.jsp</url-pattern>
</filter-mapping>

The key was adding index.jsp as "/" alone does not work.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question cannot access tomcat using ip address Openshift - Access tomcat IP address with port 8080 on browser Tomcat is running on port 8080, but unable to access remotely using IP address? Tomcat is running on 8080 port but unable to access remotely using ip address? IP Address in a range validating IP address with existing range of ip address IP to URL to Address Kerberos: accessing host by IP address Is it possible to block an IP address on smartphone? Tomcat - port and url changes when accessing the deployed application
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM