Re: Filter on url example - Filter out hack attempts
Yoav,

So from what I know so far my /usr/local/tomcat/webapps/myapplication/WEB-INF/web.xml should look like the following:

    <web-app>
      <filter>
        <filter-name>UrlFilter</filter-name>
        <filter-class>UrlFilter</filter-class>
        *Don't know how this should layout.*
      </filter>
      <filter-mapping>
        <filter-name>UrlFilter</filter-name>
        <url-pattern>/*</url-pattern>
      </filter-mapping>
      <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
        <welcome-file>index.html</welcome-file>
      </welcome-file-list>
    </web-app>

Do I then create /usr/local/tomcat/webapps/myapplication/WEB-INF/classes/URLFilter.java?

    public class UrlFilter implements Filter {
      ...
      public void doFilter(...) {
        if(req instanceof HttpServletRequest) {
          HttpServletRequest hreq = (HttpServletRequest) req;
          String uri = hreq.getRequestURI();
          if(allow(uri)){
            chain.doFilter(req, res);
          } else {
            ...Send to Null
            // Do whatever: error page, redirect, etc.
          }
        } else {
          // Non-HTTP requests
          chain.doFilter(req, res);
        }
      }

      private boolean allow(String uri) {
        // Look up allowed urls in a DB, Collection, whatever
        SubstringTest = False;
        SubstringTest = string.indexOf(GET / HTTP/1.1) 0;
        if(SubstringTest = True) return True;
        Do the same for the rest
        //GET / HTTP/1.0
        //page1.jsp
        //page2.jsp
        //page3.jsp
        //page4.jsp
        //page5.jsp
        //graphic1.gif
        //graphic2.gif
      }
    }

Thanks,
Larry Nobs

> Hi,
> This is a trivial filter:
>
>     public class URLFilter implements Filter {
>       ...
>       public void doFilter(...) {
>         if(req instanceof HttpServletRequest) {
>           HttpServletRequest hreq = (HttpServletRequest) req;
>           String uri = hreq.getRequestURI();
>           if(allow(uri)){
>             chain.doFilter(req, res);
>           } else {
>             // Do whatever: error page, redirect, etc.
>           }
>         } else {
>           // Non-HTTP requests
>           chain.doFilter(req, res);
>         }
>       }
>
>       private boolean allow(String uri) {
>         // Look up allowed urls in a DB, Collection, whatever
>       }
>     }
>
> I omitted full prototype declarations above due to laziness. It's the javax.servlet.Filter interface. Take a look at the balancer webapp that ships with tomcat 5. The URLStringMatchRule is pretty close to what you want, and can be easily extended with a list of allow patterns and/or deny patterns. Tomcat has something similar as the base Valve for the RemoteAddr/RemoteHost valves.
>
> Yoav Shapira
> Millennium Research Informatics
>
> > -Original Message-
> > From: lrnobs [mailto:[EMAIL PROTECTED]
> > Sent: Saturday, May 08, 2004 9:11 PM
> > To: Tomcat Users List
> > Subject: Filter on url example - Filter out hack attempts
> >
> > I have had no luck Googling so far for an example on how to filter based on urls. I thought I might put this in the AccessLogValve but will do whatever works.
> >
> > I have a limited number of jsp's and graphics on my site and would like to filter out all of the hack attempts that fill up my logs.
> >
> > I would like to do something like this (in plain English)
> >
> > Accept
> >   GET / HTTP/1.1
> >   GET / HTTP/1.0
> >   *page1.jsp*
> >   *page2.jsp*
> >   *page3.jsp*
> >   *page4.jsp*
> >   *page5.jsp*
> >   *graphic1.gif*
> >   *graphic2.gif*
> >
> > Drop All Other Requests - they are just hack attempts
> >
> > Thanks,
> > Larry Nobs
> >
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
>
> This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you.
Re: Filter on url example - Filter out hack attempts
First off, this is not a Tomcat question. This type of information is always available at http://java.sun.com or http://forum.java.sun.com/

To answer your question: Yes. In fact you can place the class wherever you want as long as it is in your classpath. Of course you will also have to change the filter-class attribute accordingly.

Nathan

On May 11, 2004, at 7:42 AM, lrnobs wrote:

> Yoav,
>
> So from what I know so far my /usr/local/tomcat/webapps/myapplication/WEB-INF/web.xml should look like the following:
>
>     <web-app>
>       <filter>
>         <filter-name>UrlFilter</filter-name>
>         <filter-class>UrlFilter</filter-class>
>         *Don't know how this should layout.*
>       </filter>
>       <filter-mapping>
>         <filter-name>UrlFilter</filter-name>
>         <url-pattern>/*</url-pattern>
>       </filter-mapping>
>       <welcome-file-list>
>         <welcome-file>index.jsp</welcome-file>
>         <welcome-file>index.html</welcome-file>
>       </welcome-file-list>
>     </web-app>
>
> Do I then create /usr/local/tomcat/webapps/myapplication/WEB-INF/classes/URLFilter.java?
>
>     public class UrlFilter implements Filter {
>       ...
>       public void doFilter(...) {
>         if(req instanceof HttpServletRequest) {
>           HttpServletRequest hreq = (HttpServletRequest) req;
>           String uri = hreq.getRequestURI();
>           if(allow(uri)){
>             chain.doFilter(req, res);
>           } else {
>             ...Send to Null
>             // Do whatever: error page, redirect, etc.
>           }
>         } else {
>           // Non-HTTP requests
>           chain.doFilter(req, res);
>         }
>       }
>
>       private boolean allow(String uri) {
>         // Look up allowed urls in a DB, Collection, whatever
>         SubstringTest = False;
>         SubstringTest = string.indexOf(GET / HTTP/1.1) 0;
>         if(SubstringTest = True) return True;
>         Do the same for the rest
>         //GET / HTTP/1.0
>         //page1.jsp
>         //page2.jsp
>         //page3.jsp
>         //page4.jsp
>         //page5.jsp
>         //graphic1.gif
>         //graphic2.gif
>       }
>     }
>
> Thanks,
> Larry Nobs
RE: Filter on url example - Filter out hack attempts
Hi,

> First off, this is not a Tomcat question. This type of information is always available at http://java.sun.com or http://forum.java.sun.com/

Right, but we do encourage general servlet and JSP related discussions here too.

> So from what I know so far my /usr/local/tomcat/webapps/myapplication/WEB-INF/web.xml should look like the following:
>
>     <web-app>
>       <filter>
>         <filter-name>UrlFilter</filter-name>
>         <filter-class>UrlFilter</filter-class>
>         *Don't know how this should layout.*
>       </filter>
>       <filter-mapping>
>         <filter-name>UrlFilter</filter-name>
>         <url-pattern>/*</url-pattern>
>       </filter-mapping>

That's fine. I'd suggest you put your UrlFilter in a package, e.g. com.yourclasses.UrlFilter, and change the filter-class accordingly.

> Do I then create /usr/local/tomcat/webapps/myapplication/WEB-INF/classes/URLFilter.java?

Sure. For general help on the source and deployment organization of a webapp, see http://jakarta.apache.org/tomcat/tomcat-5.0-doc/appdev/index.html.

>     private boolean allow(String uri) {
>       // Look up allowed urls in a DB, Collection, whatever
>       SubstringTest = False;
>       SubstringTest = string.indexOf(GET / HTTP/1.1) 0;

Make sure you understand what a request URI is for the HTTP protocol. It will have neither the GET (method name) nor the protocol spec (HTTP/1.1 above). Read and understand the JavaDocs for the HttpServletRequest interface completely.

Yoav Shapira
Re: Filter on url example - Filter out hack attempts
Nathan,

I am a newbie to Java and Tomcat, and I did spend two days with two Tomcat books I bought and Google trying to find some instructions I could understand before posting a question to this list.

Please let me know if there is a list more appropriate for new users.

Thanks,
Larry Nobs

> - Original Message -
> From: Nathan Maves [EMAIL PROTECTED]
> To: Tomcat Users List [EMAIL PROTECTED]
> Sent: Tuesday, May 11, 2004 8:56 AM
> Subject: Re: Filter on url example - Filter out hack attempts
>
> First off, this is not a Tomcat question. This type of information is always available at http://java.sun.com or http://forum.java.sun.com/
>
> To answer your question: Yes. In fact you can place the class wherever you want as long as it is in your classpath. Of course you will also have to change the filter-class attribute accordingly.
>
> Nathan
Re: Filter on url example - Filter out hack attempts
Hi Larry,

as someone who has only been using tomcat (apart from the deploy tool) since August and who has had to greatly improve my Java skills since the same time...

I suggest the best way to learn is to get your hands dirty, so to speak. Thoroughly read the provided Tomcat docs including any ReadMe files you can get your hands on. Get your hands on any example server.xml files that you can (there'll probably be some in your books and on the web).

As for Java, find some good books to teach you Java and JSPs. I found Java a very steep learning curve at first. I have also found the following Java site very useful (and the book that goes with it):
http://javagently.cs.up.ac.za/
and these pages:
http://java.sun.com/j2se/1.3/docs/api/

I expect you'll find all the pages quoted by Nathan as being useful also.

I've found the best way is to dive in and use them, preferably install Sun's Java compiler and Tomcat onto a system somewhere where they can't do major harm if they go wrong (i.e. not a server that's already in use!) and just have a go. I've had to do a lot of it on an up and running server but I don't advise this!!

Anyway those are just some thoughts and suggestions that may or may not work for you. Hope it helps.

Adam.

On Tue, 2004-05-11 at 15:16, lrnobs wrote:

> Nathan,
>
> I am a newbie to Java and Tomcat, and I did spend two days with two Tomcat books I bought and Google trying to find some instructions I could understand before posting a question to this list.
>
> Please let me know if there is a list more appropriate for new users.
>
> Thanks,
> Larry Nobs
Re: Filter on url example - Filter out hack attempts
Yoav,

> Make sure you understand what a request URI is for the HTTP protocol. It will have neither the GET (method name) nor the protocol spec (HTTP/1.1 above). Read and understand the JavaDocs for the HttpServletRequest interface completely.

I have been looking at the Access Logs daily. Anytime a legitimate user accesses my site everything is preceded with a GET or POST and a jsp or gif that I can recognize. Initially a session starts off with a plain GET / HTTP/1.1 or 1.0 so I should allow these, but all other legitimate usage mentions my files.

It sounds like you are saying that there are other requests that are not in the access log?

Thanks,
Larry Nobs
RE: Filter on url example - Filter out hack attempts
Hi,

> I have been looking at the Access Logs daily. Anytime a legitimate user accesses my site everything is preceded with a GET or POST and a jsp or gif that I can recognize. Initially a session starts off with a plain GET / HTTP/1.1 or 1.0 so I should allow these, but all other legitimate usage mentions my files.
>
> It sounds like you are saying that there are other requests that are not in the access log?

No, that's not what I'm saying. I'm saying you have a lot to learn with regards to the Servlet API. The information returned from the getRequestURI method in HttpServletRequest is not the same information that is logged in the access logs. (And for that matter, the latter is highly configurable whereas the former is strictly defined). So that's why I said you should read and understand the HttpServletRequest interface and its methods.

Yoav Shapira
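
The distinction drawn in the reply above, as an added example (not code from the thread, from any poster, or from Tomcat): a complete javax.servlet.Filter that allow-lists on getMethod() and getRequestURI() rather than on the access-log request line. The allowed paths come from the file names in the original question; the GET/POST method list, the 404 response, the jsessionid handling and the package name com.yourclasses (the one suggested earlier in the thread) are assumptions, and the Servlet API must be on the compile classpath.

```java
package com.yourclasses; // assumption: the package name suggested in the thread

import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Pattern;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Allow-list filter. The access log shows the whole request line, e.g.
 * "GET /myapplication/page1.jsp?x=1 HTTP/1.1", but the Servlet API splits it:
 * getMethod() is the method, getRequestURI() is only the undecoded path up to
 * the query string (context path included), getProtocol() is the protocol.
 */
public class UrlFilter implements Filter {

    // Assumption: the site is only ever reached with these methods.
    private static final Set<String> ALLOWED_METHODS = Collections.unmodifiableSet(
            new HashSet<String>(Arrays.asList("GET", "POST")));

    // Context-relative paths: the welcome files plus the files named in the question.
    private static final Set<String> ALLOWED_PATHS = Collections.unmodifiableSet(
            new HashSet<String>(Arrays.asList(
                    "/", "/index.jsp", "/index.html",
                    "/page1.jsp", "/page2.jsp", "/page3.jsp", "/page4.jsp", "/page5.jsp",
                    "/graphic1.gif", "/graphic2.gif")));

    // Assumption: the only path parameter tolerated is a trailing rewritten session id.
    private static final Pattern SESSION_PARAM =
            Pattern.compile("jsessionid=[A-Za-z0-9.\\-]+");

    public void init(FilterConfig config) throws ServletException { /* nothing to configure */ }

    public void destroy() { /* no resources to release */ }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest && res instanceof HttpServletResponse) {
            HttpServletRequest hreq = (HttpServletRequest) req;
            if (allow(hreq.getMethod(), hreq.getRequestURI(), hreq.getContextPath())) {
                chain.doFilter(req, res);
            } else {
                // Assumption: answer with a plain 404 rather than a redirect or error page.
                ((HttpServletResponse) res).sendError(HttpServletResponse.SC_NOT_FOUND);
            }
        } else {
            chain.doFilter(req, res); // non-HTTP requests, as in the thread's skeleton
        }
    }

    /** Exact, fail-closed match of the context-relative path against the allow list. */
    static boolean allow(String method, String requestUri, String contextPath) {
        if (method == null || requestUri == null || !ALLOWED_METHODS.contains(method)) {
            return false;
        }
        String path = requestUri;
        if (contextPath != null && !contextPath.isEmpty()) {
            if (!path.startsWith(contextPath)) {
                return false;
            }
            path = path.substring(contextPath.length());
        }
        int semi = path.indexOf(';');
        if (semi >= 0) {
            // Reject any path parameter except ";jsessionid=..." at the very end.
            if (!SESSION_PARAM.matcher(path.substring(semi + 1)).matches()) {
                return false;
            }
            path = path.substring(0, semi);
        }
        if (path.isEmpty()) {
            path = "/"; // "/myapplication" without the trailing slash
        }
        // No substring matching: "/x/page1.jsp.bak" or "/page1%2Ejsp" must not pass.
        return ALLOWED_PATHS.contains(path);
    }
}
```

With the class in a package, filter-class in web.xml has to be com.yourclasses.UrlFilter. Requests the filter rejects are still written by an AccessLogValve, now with status 404, because the valve runs outside the web application's filter chain.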
Re: Filter on url example - Filter out hack attempts
Adam,

Thanks for the additional links.

I'm a twenty year IT professional and I feel like I am in kindergarten all over again. It is hard to make the switch from Microsoft products and not lose the house in the process.

I've taken a Unix class and a Java class at the local community college, and have gotten some basic Samba servers going, after crawling through the documentation for hours.

I appreciate any help I can get from this list.

Larry Nobs

> - Original Message -
> From: Adam Buglass [EMAIL PROTECTED]
> To: Tomcat Users List [EMAIL PROTECTED]
> Sent: Tuesday, May 11, 2004 9:30 AM
> Subject: Re: Filter on url example - Filter out hack attempts
>
> Hi Larry,
>
> as someone who has only been using tomcat (apart from the deploy tool) since August and who has had to greatly improve my Java skills since the same time...
>
> I suggest the best way to learn is to get your hands dirty, so to speak. Thoroughly read the provided Tomcat docs including any ReadMe files you can get your hands on. Get your hands on any example server.xml files that you can (there'll probably be some in your books and on the web).
>
> As for Java, find some good books to teach you Java and JSPs. I found Java a very steep learning curve at first. I have also found the following Java site very useful (and the book that goes with it):
> http://javagently.cs.up.ac.za/
> and these pages:
> http://java.sun.com/j2se/1.3/docs/api/
>
> I expect you'll find all the pages quoted by Nathan as being useful also.
>
> I've found the best way is to dive in and use them, preferably install Sun's Java compiler and Tomcat onto a system somewhere where they can't do major harm if they go wrong (i.e. not a server that's already in use!) and just have a go. I've had to do a lot of it on an up and running server but I don't advise this!!
>
> Anyway those are just some thoughts and suggestions that may or may not work for you. Hope it helps.
>
> Adam.
RE: Filter on url example - Filter out hack attempts
It's not always easy to find the right list for a question. The opinions about what is right or wrong vary with the members of the list. (In my opinion your question is right in this list, although I can understand that others have different opinions in this case)

I have seen questions that were more off topic than yours.

http://forum.java.sun.com/ is not a bad idea as there you may ask questions about java, jsp, servlets and other things that are not directly related with tomcat.

> -Original Message-
> From: lrnobs [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, May 11, 2004 4:17 PM
> To: Tomcat Users List
> Subject: Re: Filter on url example - Filter out hack attempts
>
> I am a newbie to Java and Tomcat, and I did spend two days with two Tomcat books I bought and Google trying to find some instructions I could understand before posting a question to this list.
>
> Please let me know if there is a list more appropriate for new users.
Re: Filter on url example - Filter out hack attempts
Yoav,

Ok, thank you. I appreciate all your help.

Larry Nobs

> - Original Message -
> From: Shapira, Yoav [EMAIL PROTECTED]
> To: Tomcat Users List [EMAIL PROTECTED]
> Sent: Tuesday, May 11, 2004 9:37 AM
> Subject: RE: Filter on url example - Filter out hack attempts
>
> Hi,
>
> > I have been looking at the Access Logs daily. Anytime a legitimate user accesses my site everything is preceded with a GET or POST and a jsp or gif that I can recognize. Initially a session starts off with a plain GET / HTTP/1.1 or 1.0 so I should allow these, but all other legitimate usage mentions my files.
> >
> > It sounds like you are saying that there are other requests that are not in the access log?
>
> No, that's not what I'm saying. I'm saying you have a lot to learn with regards to the Servlet API. The information returned from the getRequestURI method in HttpServletRequest is not the same information that is logged in the access logs. (And for that matter, the latter is highly configurable whereas the former is strictly defined). So that's why I said you should read and understand the HttpServletRequest interface and its methods.
>
> Yoav Shapira
Re: Filter on url example - Filter out hack attempts
True, every alias is subject to the occasional OT question. I think for the most part people are not aware of other areas where information is available.

my $.02

On May 11, 2004, at 8:55 AM, Ralph Einfeldt wrote:

> It's not always easy to find the right list for a question. The opinions about what is right or wrong vary with the members of the list. (In my opinion your question is right in this list, although I can understand that others have different opinions in this case)
>
> I have seen questions that were more off topic than yours.
>
> http://forum.java.sun.com/ is not a bad idea as there you may ask questions about java, jsp, servlets and other things that are not directly related with tomcat.
RE: Filter on url example - Filter out hack attempts
Hi,
This is a trivial filter:

    public class URLFilter implements Filter {
      ...
      public void doFilter(...) {
        if(req instanceof HttpServletRequest) {
          HttpServletRequest hreq = (HttpServletRequest) req;
          String uri = hreq.getRequestURI();
          if(allow(uri)){
            chain.doFilter(req, res);
          } else {
            // Do whatever: error page, redirect, etc.
          }
        } else {
          // Non-HTTP requests
          chain.doFilter(req, res);
        }
      }

      private boolean allow(String uri) {
        // Look up allowed urls in a DB, Collection, whatever
      }
    }

I omitted full prototype declarations above due to laziness. It's the javax.servlet.Filter interface. Take a look at the balancer webapp that ships with tomcat 5. The URLStringMatchRule is pretty close to what you want, and can be easily extended with a list of allow patterns and/or deny patterns. Tomcat has something similar as the base Valve for the RemoteAddr/RemoteHost valves.

Yoav Shapira
Millennium Research Informatics

> -Original Message-
> From: lrnobs [mailto:[EMAIL PROTECTED]
> Sent: Saturday, May 08, 2004 9:11 PM
> To: Tomcat Users List
> Subject: Filter on url example - Filter out hack attempts
>
> I have had no luck Googling so far for an example on how to filter based on urls. I thought I might put this in the AccessLogValve but will do whatever works.
>
> I have a limited number of jsp's and graphics on my site and would like to filter out all of the hack attempts that fill up my logs.
>
> I would like to do something like this (in plain English)
>
> Accept
>   GET / HTTP/1.1
>   GET / HTTP/1.0
>   *page1.jsp*
>   *page2.jsp*
>   *page3.jsp*
>   *page4.jsp*
>   *page5.jsp*
>   *graphic1.gif*
>   *graphic2.gif*
>
> Drop All Other Requests - they are just hack attempts
>
> Thanks,
> Larry Nobs
Filter on url example - Filter out hack attempts
I have had no luck Googling so far for an example on how to filter based on urls. I thought I might put this in the AccessLogValve but will do whatever works.

I have a limited number of jsp's and graphics on my site and would like to filter out all of the hack attempts that fill up my logs.

I would like to do something like this (in plain English)

Accept
  GET / HTTP/1.1
  GET / HTTP/1.0
  *page1.jsp*
  *page2.jsp*
  *page3.jsp*
  *page4.jsp*
  *page5.jsp*
  *graphic1.gif*
  *graphic2.gif*

Drop All Other Requests - they are just hack attempts

Thanks,
Larry Nobs