Does Tomcat has a feature to filter clients by their Ip on runtime? I mean, I should be able to filter any user I want without restarting Tomcat? I just enter an Ip to a list or smt and rigth after entering that ip, that user should be filtered by tomcat.
Asked
Active
Viewed 170 times
0
-
Are asking for Web Application or Simple Java Application? – Ankur Loriya Jul 18 '13 at 11:29
-
What does filter a user mean? Restricting access by their ip address? – Stefan Jul 18 '13 at 11:52
-
Exactly, for example if a user makes more than 200 :8080 requests that ip will automatically be restricted. I have some solutions like storing requesting ips in a database and a value to keep number of requests of that ip and then denying that user or greping ips from access logs and counting requests and then denying etc. But i need a module or anything else to do this in tomcat or apache. – Hasan Bozok Jul 18 '13 at 12:00
-
Look here: http://stackoverflow.com/questions/17518200/tomcat-server-ip-address-restriction-methods/17519104#17519104 You can do similar for http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#Remote_Host_Filter – Michael Jul 18 '13 at 13:00
1 Answers
0
Tomcat does not supply a component to do request-filtering with a configuration that is modifiable at run-time. You may be able to re-configure some components via JMX, but they may not behave the way you expect.
Your best bet is to write your own component to do this kind of thing, or use something like Java ModSecurity.
Christopher Schultz
- 20,221
- 9
- 60
- 77