Data AccessCore JavaApp FrameworksViewTestingBuildingDeploymentDev ToolsSecurityOpinions

Thursday, December 4, 2008

Filtering IP traffic using a Java Filter - RemoteAddrFilter

I recently wrote a Java Filter, which is a replica of the org.apache.catalina.valves.RemoteAddrValve implementation. It performs filtering based on comparing the requestors remote IP address against a set of regular expressions, configured in the Filter's initialization parameters. If an IP addresses is to be rejected it is rejected with a Forbidden HTTP response.

This provided useful because Valves are attached to the servlet container while a Filter can be mapped to any url pattern at the application level rather than at the container level.

GET THE CODE
Here is a link to the filter code. (RemoteAddrFilter.java)

This filter is configured by setting the allow and/or deny properties to a comma-delimited list of regular expressions to which the requestors remote address will be compared. Evaluation proceeds as follows:
  • The filter initializes reading the allow and/or deny properties and converting them to a comma-delimited list of regular expressions to which the requester's remote address will be compared.
  • If there are any deny expressions configured, the property will be compared to each such expression. If a match is found, this request will be rejected with a "Forbidden" HTTP response.
  • If there are any allow expressions configured, the property will be compared to each such expression. If a match is found, this request will be allowed to pass through to the next Filter in the current pipeline.
  • If one or more deny expressions was specified but no allow expressions, allow this request to pass through (because none of the deny expressions matched it).
  • The request will be rejected with a "Forbidden" HTTP response.
The filter is configured the same way all Java Filter's. This filter takes two initial parameters. The value of those properties should be set to a comma-delimited list of regular expressions to which the requestors remote address will be compared.

CONFIGURE
The filter is added to your context via the web.xml. Below is an example configuration.

<filter>
   <filter-name>RemoteAddrFilter</filter-name>
   <filter-class>RemoteAddrFilter<filter-class>
   <init-param>
      <param-name>allow</param-name>
      <param-value>192.168.1.*</param-value>
   </init-param>
   <init-param>
      <param-name>deny</param-name>
      <param-value>163.122.111.*</param-value>
   </init-param>
</filter>


DEPENDENCIES
There is a dependency with Jakarta Regexp.

8 comments:

  1. Really nice you shared great information which is useful to us, thanks a lot for sharing it. packers and movers in hyderabad packers and movers kukatpally

    ReplyDelete
  2. I have read your blog its very attractive and impressive. I like it your blog.

    Java Training in Chennai Java Training in Chennai | Core Java Training in Chennai

    Online Java Training Java Online Training | Java J2EE Online Training | JavaEE Training Institute in Chennai

    ReplyDelete
  3. If You are looking for MSBTE Result Winter 2016 then you must follow few simple steps to get your Result Online.

    How Should I know to find the MSBTE Winter 2016 Result Date ? Most of students are searching for the Date of Result.
    Maharashtra State Board of Technical Education will declare the MSBTE Result 2016 Winter
    Students who are looking for Karnataka DTE Diploma December 2016 Examination then you can just follow >> Karnataka Diploma Result 2016 Nov/Dec

    ReplyDelete
  4. Thanks for your Informative post. it contains really useful information movers and packers marathalli Movers madhapur

    ReplyDelete