ever alian

Reputation: 1060

Tomcat Remote Address Filter is not working - Tomcat 9.0.X

I'm trying to restrict some of my application's endpoints from the public internet. For this I tried Tomcat's Remote Address Filter. I added the filter to my application's web.xml (D:\apache-tomcat-9.0.22\webapps\myApp\WEB-INF), but it has no effect at all. I tried both <param-name>allow</param-name> and <param-name>deny</param-name> and specific IP addresses of my team members, but we can all still access it. After each change, I restarted Tomcat.

<filter>
    <filter-name>Remote Address Filter</filter-name>
    <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
    <init-param>
      <param-name>deny</param-name> <!-- Tried to block my team mate's IP -->
      <param-value>10\.142\.16\.1</param-value>  <!-- My team mates IP address -->

      <!-- param-value>127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1</param-value -->

    </init-param>
 </filter>

 <filter-mapping>
    <filter-name>Remote Address Filter</filter-name>
    <url-pattern>/myApp/context/* </url-pattern>
 </filter-mapping>

I also tried the value from the documentation, <param-value>127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1</param-value>, but my teammate and I can still access the pages without any problem.

My environment details:

I've used a standalone Tomcat. Servlet engine: [Apache Tomcat/9.0.22]
Running with Spring Boot v2.1.3.RELEASE, Spring v5.1.5.RELEASE

Where could the problem be? Is there a way to find out whether the web.xml changes are really being applied?

Upvotes: 1

Views: 2219

Answers (2)

Pavan Kumar T S

Reputation: 1559

One possible solution is to add restrictions in application/META-INF/context.xml. This would result in a 403 for the entire application. You can see an implementation of this in webapps\manager\META-INF of your Tomcat.

<?xml version="1.0" encoding="UTF-8"?>
<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
</Context>

Upvotes: 0

ever alian

Reputation: 1060

I found the problem. The problem was with the url-pattern. We shouldn't add the application context to the url-pattern.

Now this works with the settings below.

<url-pattern>/actuator/health </url-pattern>

Upvotes: 2
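A filter-mapping's url-pattern is matched against the path inside the web application, after the context path has been removed, which is why the pattern without the application context takes effect. The Java program below is an added example (not Tomcat's code and not from either poster) that models this matching together with RemoteAddrFilter's deny-before-allow check; the context path /myApp and the request URI are assumptions constructed from the question.

```java
import java.util.regex.Pattern;

// Added illustration: a simplified model, not Tomcat's source code.
public class FilterMappingCheck {

    // Servlet url-pattern rules: exact, "/prefix/*" and "*.ext".
    // The path tested is the request URI with the context path removed.
    static boolean mappingMatches(String pattern, String contextPath, String requestUri) {
        if (!requestUri.startsWith(contextPath)) {
            return false; // request belongs to another web application
        }
        String path = requestUri.substring(contextPath.length());
        if (pattern.equals(path) || pattern.equals("/*")) {
            return true;
        }
        if (pattern.endsWith("/*")) {
            String prefix = pattern.substring(0, pattern.length() - 2);
            return path.equals(prefix) || path.startsWith(prefix + "/");
        }
        if (pattern.startsWith("*.")) {
            int slash = path.lastIndexOf('/');
            int dot = path.lastIndexOf('.');
            return dot > slash && path.substring(dot).equals(pattern.substring(1));
        }
        return false;
    }

    // deny is evaluated first and must match the whole address;
    // when only deny is configured, every other address is allowed.
    static boolean addressAllowed(String allow, String deny, String remoteAddr) {
        if (deny != null && Pattern.matches(deny, remoteAddr)) return false;
        if (allow != null && Pattern.matches(allow, remoteAddr)) return true;
        return deny != null && allow == null;
    }

    public static void main(String[] args) {
        String contextPath = "/myApp";          // assumption: deployed as webapps\myApp
        String uri = "/myApp/actuator/health";  // constructed request URI
        String deny = "10\\.142\\.16\\.1";      // deny value from the question
        for (String p : new String[] {"/myApp/context/*", "/actuator/health"}) {
            boolean runs = mappingMatches(p, contextPath, uri);
            boolean blocked = runs && !addressAllowed(null, deny, "10.142.16.1");
            System.out.printf("%-18s filter runs=%-5b 403=%b%n", p, runs, blocked);
        }
    }
}
```

With the context-prefixed pattern the filter never runs for this request, so the deny rule is never consulted; with /actuator/health the filter runs and the denied address gets a 403.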
