Win a copy of Grokking Bitcoin this week in the Cloud/Virtualization forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Bear Bibeault
  • Tim Cooke
  • Junilu Lacar
Sheriffs:
  • Paul Clapham
  • Devaka Cooray
  • Knute Snortum
Saloon Keepers:
  • Ron McLeod
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Frits Walraven
Bartenders:
  • Carey Brown
  • salvin francis
  • Claude Moore

Tomcat multiple connectors for one application with IP restriction  RSS feed

 
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I need to create configuration for app, that will have two connectors (HTTP and HTTPS) and restrict access to HTTP connector by IP. Is it possible?
 
Saloon Keeper
Posts: 5401
143
Android Firefox Browser Mac OS X Safari Tomcat Server VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think this is possible using the remote address valve and its addConnectorPort attribute.

It is definitely possible using the rewrite valve.
 
Saloon Keeper
Posts: 20641
122
Android Eclipse IDE Java Linux Redhat Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, the Tomcat Valve subsystem is where you can log and filter stuff like that.

However, as a general rule, limiting access by source IP address is something better done using the machine's firewall. It blocks earlier in the pipeline and can limit access to all servers on the machine, not just Tomcat (for example, Apache).

It should be noted that HTTP is no longer the recommended protocol in many cases. A lot of servers will immediately flip you over to HTTPS.

Also, I hope you're not trying to restrict access for for users based on their source IP address. That's an extremely unreliable means of identification.
 
Surfs up space ponies, I'm making gravy without this lumpy, tiny ad:
Create Edit Print & Convert PDF Using Free API with Java
https://coderanch.com/wiki/703735/Create-Convert-PDF-Free-Spire
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!