-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jaikit,
On 9/22/12 6:04 PM, Jaikit Savla wrote: > I have some admin api's which I want to have restricted access I think you mean APIs. "admin api's which" is a possessive even a native English speaker can't figure out. > - such that only if the request originates from localhost - it will > execute. For that I am using tomcat's RemoteAddrfilter > > <filter> <filter-name>Remote Address Filter</filter-name> ... > <param-value>127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1</param-value> > ... </filter> > > Now when I execute the request from localhost - request fails with > 403. Reason being "REMOTE_ADDR" is set with actual ip of the > machine and filter does string comparison of ip. Hence it fails. How do you do the request? If it's like this: > -bash-4.1$ curl -v http://localhost/ws/local/info * About to > connect() to localhost port 80 (#0) * Trying 127.0.0.1... > connected * Connected to localhost (127.0.0.1) port 80 (#0) >> GET /ws/local/vip/info HTTP/1.1 User-Agent: curl/7.21.7 >> (x86_64-unknown-linux-gnu) libcurl/7.21.7 OpenSSL/0.9.8o >> zlib/1.2.3 libidn/1.18 libssh2/1.2.2 Host: localhost Accept: */* >> > < HTTP/1.1 403 Forbidden ...then I don't understand why you aren't getting 127.0.0.1 as the REMOTE_ADDR. Do you have anything weird in /etc/hosts like 'localhost 108.13.226.208' or any folishness with the routing table which makes localhost take the long route through ethX? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlBgrU4ACgkQ9CaO5/Lv0PALmgCgwlIRgtaGRhsM03gvfDguTGJ8 VpEAoKNpwD+zNmvBBsIqxv2/IngmAt1T =ExFV -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org