Limiting client IP access

When securing HTTP traffic, you may wish to consider limiting access to clients with a certain IP address. You can do this at many levels.

Limiting client access using Tomcat (Engine, Host, or Context level)
If you want to limit client access at a high level such as the entire server, you will use a Tomcat valve.

Tomcat has two valves that will filter traffic based on the client's IP address. They are the RemoteAddrValve and the RemoteHostValve. Both of these valves are extended from RequestFilterValve.

For a discussion of how to configure Tomcat valves see http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/index.html.

To configure Tomcat in JBoss, you will need to either edit server.xml or jboss-service.xml based on JBoss version.

  • For JBoss 3.2.4 and higher, server.xml is found in <jboss install dir>/server/<configuration>/deploy/jbossweb-tomcat50.sar
  • For JBoss 3.2.3 and lower, jboss-service.xml is found in <jboss install dir>/server/<configuration>/deploy/jbossweb-tomcat41.sar/META-INF

Limiting client access using a servlet filter (Servlet or url-pattern level)
If you want to limit client access to a particular servlet or to requests that match a url pattern, you can use the servlet filter attached to this page. This requires JDK 1.4 or higher.

To install, place the attached jar in your WEB-INF/lib directory. If you want to use it in multiple web applications then you can instead put it in your <jboss install>/server/<configuration>/lib directory.

There is also an attached example web.xml file that shows how to configure the filter. The main part to look at is the filter definition:

  <filter>
     <filter-name>RemoteHostFilter</filter-name>
     <filter-class>org.jboss.remotehostfilter.RemoteHostFilter</filter-class>
     <init-param>        
        <param-name>deny</param-name>
        <param-value>150.0.0.*</param-value>
     </init-param>
     <init-param>        
        <param-name>allow</param-name>
        <param-value>192.4.5.6,127.0.0.*</param-value>
     </init-param>
  </filter>

This filter is configured by setting the "allow" and/or "deny" properties to a comma-delimited list of regular expressions (in the syntax supported by the java.util.regex package) to which the client IP address will be compared.

Evaluation proceeds as follows:

  • If there are any deny expressions configured, the IP will be compared to each expression. If a match is found, this request will be rejected with a "Forbidden" HTTP response.
  • If there are any allow expressions configured, the IP will be compared to each such expression. If a match is NOT found, this request will be rejected with a "Forbidden" HTTP response.
  • Otherwise, the request will continue normally.
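
The evaluation order above, run against an unescaped and an escaped allow list, as an added example (not the attached RemoteHostFilter.java). It assumes whole-string matching with Matcher.matches(); the class name IpFilterDemo, the 10.1.1.* allow entry and the client addresses are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

public class IpFilterDemo {  // hypothetical class name, not part of hostfilter.jar
    // Compile a comma-delimited list of regular expressions, the format
    // described for the "allow" and "deny" init-params.
    static List<Pattern> compile(String csv) {
        List<Pattern> out = new ArrayList<>();
        if (csv == null) return out;
        for (String s : csv.split(",")) {
            if (!s.trim().isEmpty()) out.add(Pattern.compile(s.trim()));
        }
        return out;
    }

    static boolean matchesAny(List<Pattern> patterns, String ip) {
        for (Pattern p : patterns) {
            if (p.matcher(ip).matches()) return true;  // assumption: whole-string match
        }
        return false;
    }

    // Order from the page: deny list first, then allow list, otherwise pass.
    static boolean isAllowed(String ip, List<Pattern> deny, List<Pattern> allow) {
        if (!deny.isEmpty() && matchesAny(deny, ip)) return false;
        if (!allow.isEmpty() && !matchesAny(allow, ip)) return false;
        return true;
    }

    public static void main(String[] args) {
        List<Pattern> deny = compile("150.0.0.*");                    // from the page
        List<Pattern> loose = compile("192.4.5.6,10.1.1.*");          // constructed, dots unescaped
        List<Pattern> strict = compile("192\\.4\\.5\\.6,10\\.1\\.1\\.\\d+");  // same intent, dots escaped
        // Constructed client addresses.
        String[] clients = {
            "192.4.5.6", "10.1.1.7", "10.1.15.20", "10.111.2.3", "150.0.0.9", "8.8.8.8"
        };
        for (String ip : clients) {
            System.out.printf("%-12s loose=%-5b strict=%b%n",
                    ip, isAllowed(ip, deny, loose), isAllowed(ip, deny, strict));
        }
    }
}
```

With the unescaped list, 10.1.15.20 and 10.111.2.3 pass the allow check because "." matches any character and ".*" matches any remainder; the escaped list rejects them. A pattern that itself contains a comma, such as \d{1,3}, cannot be used in a comma-delimited list.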


Attachments:

  • hostfilter.jar (3771 bytes)
  • web.xml (1538 bytes)
  • RemoteHostFilter.java (5239 bytes)
  • TestServlet.java (2592 bytes)

