To answer your question....Yes. in-fact you can place the class where ever you want as long as it is in your classpath. Of course you will also have to change the <filter-class> attribute accordingly.
Nathan On May 11, 2004, at 7:42 AM, lrnobs wrote:
Yoav,
So from what I know so far my
/usr/local/tomcat/webapps/myapplication/WEB-INF/web.xml should look like the
following:
<web-app> <filter> <filter-name>UrlFilter</filter-name> <filter-class>UrlFilter</filter-class> *Don't know how this should layout.* </filter>
<filter-mapping> <filter-name>UrlFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
<welcome-file-list> <welcome-file>index.jsp</welcome-file> <welcome-file>index.html</welcome-file> </welcome-file-list> </web-app>
Do I then create /usr/local/tomcat/webapps/myapplication/WEB-INF/classes/URLFilter.java?
public class UrlFilter implements Filter { ... public void doFilter(...) { if(req instance of HttpServletRequest) { HttpServletRequest hreq = (HttpServletRequest) req; String uri = hreq.getRequestURI(); if(allow(uri)){ chain.doFilter(req, res); } else { ...........Send to Null // Do whatever: error page, redirect, etc. } } else { // Non-HTTP requests chain.doFilter(req, res); } }
private boolean allow(String uri) { // Look up allowed urls in a DB, Collection, whatever
SubstringTest = False; SubstringTest = string.indexOf("GET / HTTP/1.1") > 0; if(SubstringTest = True) return True; Do the same for the rest //GET / HTTP/1.0 //page1.jsp //page2.jsp //page3.jsp //page4.jsp //page5.jsp //graphic1.gif //graphic2.gif } }
Thanks,
Larry Nobs
communication, and may contain information that is confidential, proprietary
Hi, This is a trivial filter: public class URLFilter implements Filter { ... public void doFilter(...) { if(req instance of HttpServletRequest) { HttpServletRequest hreq = (HttpServletRequest) req; String uri = hreq.getRequestURI(); if(allow(uri)){ chain.doFilter(req, res); } else { // Do whatever: error page, redirect, etc. } } else { // Non-HTTP requests chain.doFilter(req, res); } }
private boolean allow(String uri) { // Look up allowed urls in a DB, Collection, whatever } }
I omitted full prototype declarations above due to laziness. It's the javax.servlet.Filter interface.
Take a look at the balancer webapp that ships with tomcat 5. The
URLStringMatchRule is pretty close to what you want, and can be easily
extended with a list of allow patterns and/or deny patterns. Tomcat has
something similar as the base Valve for the RemoteAddr/RemoteHost
valves.
Yoav Shapira Millennium Research Informatics
based on-----Original Message----- From: lrnobs [mailto:[EMAIL PROTECTED] Sent: Saturday, May 08, 2004 9:11 PM To: Tomcat Users List Subject: Filter on url example - Filter out hack attempts
I have had no luck Googling so far for an example on how to filterurls.to
I thought I might put this in the AccessLogValve but will do whatever works.
I have a limited number of jsp's and graphics on my site and would likefilter out all of the hack attempts that fill up my logs.
I would like to do something like this (in plain english)
Accept GET / HTTP/1.1 GET / HTTP/1.0 *page1.jsp* *page2.jsp* *page3.jsp* *page4.jsp* *page5.jsp* *graphic1.gif* *graphic2.gif*
Drop All Other Requests - they are just hack attempts
Thanks,
Larry Nobs
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
This e-mail, including any attachments, is a confidential business
and/or privileged. This e-mail is intended only for the individual(s) to
whom it is addressed, and may not be saved, copied, printed, disclosed or
used by anyone else. If you are not the(an) intended recipient, please
immediately delete this e-mail from your computer system and notify the
sender. Thank you.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]