vaibhav.g

Reputation: 759

Supporting IP-based whitelisting in a Java web service

I want to support IP-based whitelisting in one of the Java web services. To implement that, I have written a servlet filter in which I verify whether the remote machine's IP belongs to the whitelisted IPs. To determine the remote machine's IP, I am using the following code:
String ipAddress = httpServletRequest.getRemoteAddr();
I want to know if there is a way by which the remote machine's IP can be impersonated by an attacker without going inside the remote machine. If yes, then is there a better, more secure way to determine the remote IP?

Upvotes: 0

Views: 438

Answers (1)

LiorH

Reputation: 18824

There is a way; however, it's not an easy way. See this answer for more details.

Remember that httpServletRequest.getRemoteAddr() will be no good if you deploy your app behind a proxy or a CDN. In that case, you'd have to check the X-FORWARDED-FOR header and then it's easy to forge that.

Upvotes: 2
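The trade-off described in the answer above, as an added example (not code from the question or the answer): a filter that uses getRemoteAddr() for direct connections and reads X-Forwarded-For only when the TCP peer is a known proxy. The class name, the javax.servlet API version, Java 9+ and all IP addresses are assumptions; the addresses are constructed sample values.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class IpAllowlistFilter implements Filter {
    // Constructed sample values; replace with your own proxy and client addresses.
    private static final Set<String> TRUSTED_PROXIES = Set.of("10.0.0.5");
    private static final Set<String> ALLOWED_CLIENTS = Set.of("203.0.113.10", "198.51.100.7");

    // Returns the TCP peer, unless that peer is one of our own proxies.
    static String resolveClientIp(String remoteAddr, String xForwardedFor) {
        if (!TRUSTED_PROXIES.contains(remoteAddr) || xForwardedFor == null) {
            return remoteAddr; // direct connection: the header is client-controlled, ignore it
        }
        // Each proxy appends the peer it saw, so walk right to left and stop
        // at the first hop that is not one of our proxies.
        String[] hops = xForwardedFor.split(",");
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!hop.isEmpty() && !TRUSTED_PROXIES.contains(hop)) {
                return hop;
            }
        }
        return remoteAddr; // empty header or only proxies listed: fall back to the peer
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // Join repeated headers so a client-sent copy cannot shadow the proxy's entry.
        String xff = String.join(",", Collections.list(request.getHeaders("X-Forwarded-For")));
        String clientIp = resolveClientIp(request.getRemoteAddr(), xff);
        if (ALLOWED_CLIENTS.contains(clientIp)) {
            chain.doFilter(req, res);
        } else {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    @Override public void init(FilterConfig config) {}
    @Override public void destroy() {}
}
```

The comparison is an exact string match, so IPv6 addresses written in different textual forms or CIDR ranges would need parsing with InetAddress before comparing.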
