configuring jetty to accept connections from only certain IP addresses

Question

I am using the jetty that is shipped with Apache Solr to run Solr. I would like to configure jetty such that it only accepts connections from certain IP addresses. I know I can bind jetty to 127.0.0.1 to only accept connections from the localhost:

<Set name="host"><SystemProperty name="jetty.host" default="127.0.0.1" /></Set>

But how I do set it so that it can accept connections from certain non-localhost IP addresses as well?

http://stackoverflow.com/questions/8924102/restricting-ip-addresses-for-jetty-and-solr — Daniel t., Feb 05 '13 at 16:51
@Danielt. I don't think that methods works any more, with the new release of jetty — Saqib Ali, Feb 05 '13 at 17:26

score 4 · Accepted Answer · answered Mar 01 '13 at 22:12

You can use the IPAccessHandler that is in jetty 7, 8 and 9

http://download.eclipse.org/jetty/stable-9/apidocs/org/eclipse/jetty/server/handler/IPAccessHandler.html

you would wire this up in the handler chain so that it is executed before anything else in the handler chains

[edit] also look at the jetty-ipaccess.xml file under $jetty.home/etc

http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/jetty-server/src/main/config/etc/jetty-ipaccess.xml

fuero · Answer 2 · 2013-02-05T17:40:25.393

1

You could let iptables or xinetd redirect traffic from port 8080 or 80 to the port you let jetty listen on. Both can restrict to certain IP addresses for this.

Examples can be found here

edited Feb 05 '13 at 17:40

answered Feb 05 '13 at 16:58

fuero

9,413
1
35
40

can you please give me some examples? I am new to iptables/xinetd. Thanks. – Saqib Ali Feb 05 '13 at 17:27
Have a look at [this](http://wiki.eclipse.org/Jetty/Howto/Port80) – fuero Feb 05 '13 at 17:39

configuring jetty to accept connections from only certain IP addresses

2 Answers2