Hello Users,

I have some admin APIs to which I want to restrict access, such that a request 
will execute only if it originates from localhost.
For that I am using Tomcat's RemoteAddrFilter:

    <filter>
      <filter-name>Remote Address Filter</filter-name>
      <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
      <init-param>
        <param-name>allow</param-name>
        <param-value>127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1</param-value>
      </init-param>
    </filter>
    <filter-mapping>
      <filter-name>Remote Address Filter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

Now when I execute the request from localhost, the request fails with 403. The 
reason is that "REMOTE_ADDR" is set to the actual IP of the machine and the 
filter does a string comparison of the IP. Hence it fails.
Any clue on how to resolve this use case?




-bash-4.1$ curl -v http://localhost/ws/local/info
* About to connect() to localhost port 80 (#0)
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /ws/local/vip/info HTTP/1.1
> User-Agent: curl/7.21.7 (x86_64-unknown-linux-gnu) libcurl/7.21.7 
> OpenSSL/0.9.8o zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Host: localhost
> Accept: */*
> 
< HTTP/1.1 403 Forbidden

Appreciate any help.

Thanks
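
An added example, not part of the original post and not Tomcat's own code: a Python emulation of the deny-then-allow decision that Tomcat documents for RemoteAddrFilter, run against the allow pattern from the web.xml above. It assumes the pattern must match the whole remote address string; 192.0.2.10 and the other non-loopback samples are constructed stand-ins.

```python
import re

# allow value copied from the web.xml in the post
ALLOW = r"127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"


def is_allowed(remote_addr, allow=ALLOW, deny=None):
    """Emulate the documented order: deny first, then allow, whole-string match."""
    # re.ASCII keeps \d to 0-9, as java.util.regex does by default
    if deny is not None and re.fullmatch(deny, remote_addr, re.ASCII):
        return False
    if allow is not None and re.fullmatch(allow, remote_addr, re.ASCII):
        return True
    # deny configured without allow: anything that was not denied passes
    if deny is not None and allow is None:
        return True
    return False


def audit(addresses, allow=ALLOW, deny=None):
    """Map each candidate remote address to the status the filter would produce."""
    return {a: (200 if is_allowed(a, allow, deny) else 403) for a in addresses}


# Constructed sample values for the address the container might report.
SAMPLES = [
    "127.0.0.1",           # IPv4 loopback
    "127.0.1.1",           # still inside 127.0.0.0/8
    "::1",                 # compressed IPv6 loopback
    "0:0:0:0:0:0:0:1",     # expanded IPv6 loopback
    "0:0:0:0:0:0:0:1%0",   # zone-suffixed text form, not covered by the pattern
    "192.0.2.10",          # stands in for the machine's own interface address
    "127.0.0.1.example",   # shows that a prefix match is not enough
]

if __name__ == "__main__":
    for addr, status in audit(SAMPLES).items():
        print(f"{addr:<22} -> {status}")
```

Logging the address the container actually reports for the failing request and feeding it to `audit` shows whether the 403 comes from the pattern or from the address the request arrives with.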
