2012/9/23 Jaikit Savla <jaikit.sa...@yahoo.com>: > Hello Users, > > I have some admin api's which I want to have restricted access - such that > only if the request originates from localhost - it will execute. > For that I am using tomcat's RemoteAddrfilter > > <filter> > <filter-name>Remote Address Filter</filter-name> > > <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class> > <init-param> > <param-name>allow</param-name> > <param-value>127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1</param-value> > </init-param> > </filter> > <filter-mapping> > <filter-name>Remote Address Filter</filter-name> > <url-pattern>/*</url-pattern> > </filter-mapping> > </filter> > > Now when I execute the request from localhost - request fails with 403. > Reason being "REMOTE_ADDR" is set with actual ip of the machine and filter > does string comparison of ip. Hence it fails. > Any clue on how to resolve this use case ? >
1. There must be some reason why "REMOTE_ADDR" has that value in your configuration. Your description is lacking. What is your configuration? 2. The filter does not do string comparison, but does regexp matching. Nothing prevents you from adding that additional value to the regular expression. > > > > -bash-4.1$ curl -v http://localhost/ws/local/info > * About to connect() to localhost port 80 (#0) > * Trying 127.0.0.1... connected > * Connected to localhost (127.0.0.1) port 80 (#0) >> GET /ws/local/vip/info HTTP/1.1 >> User-Agent: curl/7.21.7 (x86_64-unknown-linux-gnu) libcurl/7.21.7 >> OpenSSL/0.9.8o zlib/1.2.3 libidn/1.18 libssh2/1.2.2 >> Host: localhost >> Accept: */* >> > < HTTP/1.1 403 Forbidden > > Appreciate any help. > > Thanks --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
