
Supporting IP-based whitelisting in Java web-service

I want to support IP-based whitelisting in one of the Java web-services. To implement that, I have written a servlet filter in which I am verifying if the remote-machine-ip belongs to the whitelisted IPs. To determine the remote-machine-ip I am using the following code:
String ipAddress = httpServletRequest.getRemoteAddr();
I want to know if there is a way by which the remote-machine-ip can be impersonated by the attacker without going inside the remote machine. If yes, then is there a better, more secure way to determine the remote IP?

There is a way; however, it's not an easy way. See this answer for more details.

Remember that httpServletRequest.getRemoteAddr() will be no good if you deploy your app behind a proxy or a CDN. In that case, you'd have to check the X-FORWARDED-FOR header and then it's easy to forge that.
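As an added example (not code from the question or the answers), this is one way a filter can choose the address to check when a reverse proxy may sit in front of the service: the X-Forwarded-For header is read only when the direct peer returned by getRemoteAddr() is a proxy you operate, and the hop list is walked from the right. The class and method names and all addresses are hypothetical and constructed, and it assumes your proxy appends the peer address it saw to the header.

```java
import java.util.Set;

public class ClientIpResolver {
    private final Set<String> trustedProxies; // assumption: addresses of proxies you operate
    private final Set<String> allowlist;      // addresses permitted to call the service

    public ClientIpResolver(Set<String> trustedProxies, Set<String> allowlist) {
        this.trustedProxies = trustedProxies;
        this.allowlist = allowlist;
    }

    // remoteAddr: httpServletRequest.getRemoteAddr()
    // xff: httpServletRequest.getHeader("X-Forwarded-For"), may be null
    public String resolve(String remoteAddr, String xff) {
        // The header is client-controlled unless the TCP peer is one of our own proxies.
        if (!trustedProxies.contains(remoteAddr) || xff == null || xff.isBlank()) {
            return remoteAddr;
        }
        // Each proxy appends the peer it saw, so entries to the left of the
        // first untrusted hop (counting from the right) may be forged.
        String[] hops = xff.split(",");
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!trustedProxies.contains(hop)) {
                return hop;
            }
        }
        return hops[0].trim(); // every hop was one of our proxies
    }

    public boolean isAllowed(String remoteAddr, String xff) {
        // Plain string comparison; normalise IPv6 text forms before relying on this.
        return allowlist.contains(resolve(remoteAddr, xff));
    }

    public static void main(String[] args) {
        // Constructed sample values from the documentation address ranges.
        ClientIpResolver r = new ClientIpResolver(Set.of("10.0.0.5"), Set.of("203.0.113.7"));
        // Direct connection carrying a forged header naming an allowlisted address.
        System.out.println(r.isAllowed("198.51.100.9", "203.0.113.7"));
        // Through the trusted proxy: the client supplied a forged first entry,
        // and the proxy appended the real peer after it.
        System.out.println(r.isAllowed("10.0.0.5", "203.0.113.7, 198.51.100.9"));
        // Through the trusted proxy: a genuine allowlisted client.
        System.out.println(r.isAllowed("10.0.0.5", "203.0.113.7"));
    }
}
```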
