block IP using tuckey-urlrewrite-filter rermote-addr

490 views Asked by At

I am trying to block an IP to certain parts of my application using UrlRewriteFilter 4.0.3. but I just can not get this to work no matter what I try. Can someone please help?

I have added the urlrewritefilter-4.0.3.jar into - /var/lib/tomcat7/webapps/myapp/WEB-INF/lib I have added the urlrewrite.xml in /var/lib/tomcat7/webapps/myapp/WEB-INF/.

I have added the following lines into the web.xml in /var/lib/tomcat/webapps/myapp/WEB-INF/ :

<filter>
         <filter-name>UrlRewriteFilter</filter-name>
            <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>

            <init-param>
                <param-name>confReloadCheckInterval</param-name>
                <param-value>0</param-value>
            </init-param>

            <init-param>
        <param-name>statusEnabled</param-name>
        <param-value>true</param-value>
            </init-param>
            <init-param>
                <param-name>logLevel</param-name>
                <param-value>DEBUG</param-value>
            </init-param>
            <init-param>
                <param-name>statusEnabledOnHosts</param-name>
                <param-value>localhost</param-value>
            </init-param>
     </filter>
    <filter-mapping>
        <filter-name>UrlRewriteFilter</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </filter-mapping>

In have written the following condition and placed it in the urlrewrite.xml

 <rule>
    <condition type="remote-addr">^123\.123\.42\.36$</condition>
    <from>/myapp/login*</from>
    <set type="status">403</set>
    <to>null</to>
    </rule>

I thought doing this would block the IP from accessing the /myapp/login part of my application but it doesn't work.

Any suggestions about how to get round this would be much appreciate as I only want to block individual IP ranges to certain sections of my application.

Thanks Ollie

2

There are 2 answers

0
pmverma On

I also had same issue couple of month ago.

I find this link helpful.

Tomcat 7 Ip Filter

Hope this help.

Cheers.

0
Konstantin Kolinko On
  1. <from>^/login*</from>
  2. <to last="true">null</to>

Also, there exists org.apache.catalina.filters.RemoteAddrFilter filter that you can configure in web.xml. http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#Remote_Address_Filter