3

How can I restrict access to a specific URL (it is a Tomcat Application Server)? e.g. http://localhost:8081/application cannot be accessed by an user except a specified IP (that is the calling service)

Hardik Mishra
  • 14,779
  • 9
  • 61
  • 96
Haniball
  • 87
  • 1
  • 3
  • 11
  • This related question may help http://stackoverflow.com/questions/593922/ip-restriction-with-htaccess – Robb Jan 31 '11 at 11:37
  • This could work to, but since we're talking about Tomcat you'd need to proxy through Apache like so: http://tomcat.apache.org/connectors-doc-archive/jk2/proxy.html and also see http://httpd.apache.org/docs/1.3/mod/mod_proxy.html#access – Aaron Newton Jan 31 '11 at 12:04

2 Answers2

6

Quote:

The Remote Address filter, org.apache.catalina.valves.RemoteAddrValve, allows you to compare the IP address of the requesting client against one or more regular expressions to either allow or prevent the request from continuing based on the results of this comparison. A Remote Address filter can be associated with a Tomcat Engine, Host, or Context container. org.apache.catalina.valves.RemoteAddrValve.

http://www.oxxus.net/tutorials/tomcat/tomcat-valve.htm

So, you'd need something along the lines of 

<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="<your-ip-here>"/>

For possible values, see

http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote_Address_Filter

You should be able to set this in the WEB-INF/web.xml for your application, see

http://oreilly.com/java/archive/tomcat.html

Aaron Newton
  • 2,124
  • 1
  • 28
  • 31
  • 1
    Tomcat offers two similar classes to block or allow based on Remote IP address: [org.apache.catalina.valves.RemoteAddrValve](http://tomcat.apache.org/tomcat-8.0-doc/config/valve.html#Remote_Address_Filter) and [org.apache.catalina.filters.RemoteAddrFilter](http://tomcat.apache.org/tomcat-8.0-doc/config/filter.html#Remote_Address_Filter). Examples in the Tomcat documentation for the latter one show how to use url-pattern. I am not sure url-pattern or filter-mapping are permitted with the first class. – MikeOnline Apr 05 '19 at 00:02
1

Goto following path: C:\Program Files\Apache Software Foundation\Tomcat 6.0\conf\Catalina\localhost\

Under this path you find "manager.xml" file.

Edit "manager.xml" file, with following content:

<Context path="/manager" debug="0" privileged="true">

      <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1,10.100.1.2"/>

      <!-- Link to the user database we will get roles from
      <ResourceLink name="users" global="UserDatabase" type="org.apache.catalina.UserDatabase"/>
        -->

</Context>

Save and run server. You got it.

NOTE :

  • 127.0.0.1 MEANS YOUR SYSTEM IP
  • 10.100.1.2 -THIS IS YOUR FRIENDS IP.
MartyIX
  • 27,828
  • 29
  • 136
  • 207
Ram Alwala
  • 11
  • 1