Limiting client IP access

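This post describes two ways to limit client access. The first uses Tomcat (Engine, Host, or Context level), filtering traffic by client IP with RemoteAddrValve and RemoteHostValve, and explains how to configure Tomcat in JBoss. The second uses a servlet filter (Servlet or url-pattern level), covering installation, configuration, and the filtering rules.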
When securing HTTP traffic, you may wish to consider limiting access to clients with a certain IP address. You can do this at many levels.

Limiting client access using Tomcat (Engine, Host, or Context level)
If you want to limit client access at a high level such as the entire server, you will use a Tomcat valve.

Tomcat has two valves that will filter traffic based on the client's IP address. They are the RemoteAddrValve and the RemoteHostValve. Both of these valves are extended from RequestFilterValve.

For a discussion of how to configure Tomcat valves see http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/index.html.

To configure Tomcat in JBoss, you will need to edit either server.xml or jboss-service.xml, depending on the JBoss version.

  • For JBoss 3.2.4 and higher, server.xml is found in <jboss install dir>/server/<configuration>/deploy/jbossweb-tomcat50.sar
  • For JBoss 3.2.3 and lower, jboss-service.xml is found in <jboss install dir>/server/<configuration>/deploy/jbossweb-tomcat41.sar/META-INF

Limiting client access using a servlet filter (Servlet or url-pattern level)
If you want to limit client access to a particular servlet or to requests that match a url pattern, you can use the servlet filter attached to this page. This requires JDK 1.4 or higher.

To install, place the attached jar in your WEB-INF/lib directory. If you want to use it in multiple web applications then you can instead put it in your <jboss install>/server/<configuration>/lib directory.

There is also an attached example web.xml file that shows how to configure the filter. The main part to look at is the filter definition:

  <filter>
     <filter-name>RemoteHostFilter</filter-name>
     <filter-class>org.jboss.remotehostfilter.RemoteHostFilter</filter-class>
     <init-param>        
        <param-name>deny</param-name>
        <param-value>150.0.0.*</param-value>
     </init-param>
     <init-param>        
        <param-name>allow</param-name>
        <param-value>192.4.5.6,127.0.0.*</param-value>
     </init-param>
  </filter>

This filter is configured by setting the "allow" and/or "deny" properties to a comma-delimited list of regular expressions (in the syntax supported by the java.util.regex package) to which the client IP address will be compared.

Evaluation proceeds as follows:

  • If there are any deny expressions configured, the IP will be compared to each expression. If a match is found, this request will be rejected with a "Forbidden" HTTP response.
  • If there are any allow expressions configured, the IP will be compared to each such expression. If a match is NOT found, this request will be rejected with a "Forbidden" HTTP response.
  • Otherwise, the request will continue normally.
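
The evaluation order above, sketched as a stand-alone Java program. This is an added example, not the attached RemoteHostFilter.java: the class and method names are hypothetical, whole-string matching is an assumption, and the client addresses and the `10.1.*` pattern are constructed.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

// Added illustration of the evaluation order; not the attached RemoteHostFilter.java.
public class AllowDenyDemo {

    // Compile a comma-delimited init-param value into a list of patterns.
    static List<Pattern> parse(String csv) {
        List<Pattern> patterns = new ArrayList<>();
        if (csv == null) return patterns;
        for (String item : csv.split(",")) {
            String expr = item.trim();
            if (!expr.isEmpty()) patterns.add(Pattern.compile(expr));
        }
        return patterns;
    }

    // Assumption: an expression must match the whole address string.
    static boolean matchesAny(List<Pattern> patterns, String ip) {
        for (Pattern p : patterns) {
            if (p.matcher(ip).matches()) return true;
        }
        return false;
    }

    // true = request continues normally, false = "Forbidden" response.
    static boolean permitted(List<Pattern> deny, List<Pattern> allow, String ip) {
        if (!deny.isEmpty() && matchesAny(deny, ip)) return false;    // deny match
        if (!allow.isEmpty() && !matchesAny(allow, ip)) return false; // no allow match
        return true;
    }

    public static void main(String[] args) {
        // Values from the filter definition above.
        List<Pattern> deny = parse("150.0.0.*");
        List<Pattern> allow = parse("192.4.5.6,127.0.0.*");
        // Constructed client addresses.
        for (String ip : new String[] {"150.0.0.9", "192.4.5.6", "127.0.0.1", "10.1.2.3"}) {
            System.out.println(ip + " -> " + (permitted(deny, allow, ip) ? "continue" : "Forbidden"));
        }
        // Constructed pattern: an unescaped '.' matches any character, so a
        // short prefix meant for 10.1.x.x also matches 10.10.x.x.
        System.out.println(Pattern.matches("10.1.*", "10.10.2.3"));       // loose
        System.out.println(Pattern.matches("10\\.1\\..*", "10.10.2.3")); // escaped
    }
}
```

Because an allow list is configured here, an address that matches neither list (10.1.2.3) is rejected. In web.xml the escaped form is written with single backslashes, for example `10\.1\..*`.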


Attachments:
  • hostfilter.jar (3771 bytes)
  • web.xml (1538 bytes)
  • RemoteHostFilter.java (5239 bytes)
  • TestServlet.java (2592 bytes)

