Reputation: 289
How to allow access to certain computers?
Is there any way I could provide access depending on the computer name . How do I specify this condition in the configuration ?
Also, is there any way to grant access depending on user id (environment variable) . I used to do this using VBA . However, since this is native microsoft product i had to simply sprecify environ . What about tomcat ?
I read this article but did not quite get it . I presume I need to use Remote Address Filter but I need to have a example code .
Upvotes: 4
Views: 161
Answers (1)
Reputation: 2209
First Point, Filtering requests based on the DNS hostname is "expensive". It forces tomcat to do a reverse DNS lookup. When the request comes up it does not comes with a DNS name, but just the IP address of client. So tomcat has to ask the system for name (or names) that corresponds to client's IP address.
If you want to accept request from specific host name, you might already know the IP address (or range of IP addresses) that correspond to the hostname. If so then you can use Remote Address Filter to set the required value (IP addresses) to it.
Second Point, Using Remote Address Filter gives a flexibility with two attributes, allow and deny.
Example:
NOTE: The IP addresses used here are just to show as example.
Suppose there is a hostname myhostname with IP address range 134.87.13.0 - 134.87.13.255.
You want to allow only this range and deny all others.
You would do a DNS lookup for this range. Say If you find it as 164.32.90.100.
Then you would configure your Valve as:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="164\.32\.90\.100, 134\.87\.13\.\d{1,3}" />
Now suppose that within the range, you want to deny a subrange 134.87.13.51 - 134.87.13.60.
Then you would configure your Valve as:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="164\.32\.90\.100, 134\.87\.13\.\d{1,3}" deny="134\.87\.13\.(5[1-9]|60)" />
Configuring dynamic values for allow and deny is possible using regular expression.
Might these details help you to solve your issue.
Edited
One Final Point, If you allow / deny range of IP addresses, you must not deny the request from "localhost". So add 127\.0\.0\.1 to your allow range.
Upvotes: 1
Related Questions
- How to restrict access by IP address with Tomcat?
- Apache Tomcat configuration: Access not authorized
- How to allow/restrict access to tomcat server for certain computer names?
- Give access to JSP file/folder only for particular IP address
- Restrict access to specific URL (Apache Tomcat)
- limit access to servlets
- How to restrict access to a Servlet via browser
- Tomcat servlet security
- Login with local access with ip
- java.security.AccessControlException: access denied exception on tomcat