2

I have a website running on Server 2008 R2 machine and I would like to restrict access for a specific jsp page to a single IP address. Within Tomcat's context.xml file, I figured out how to restrict access to a directory using the RemoteAddr Valve, but I can't figure out how to do this for a single file. Is this even possible?

1 Answers1

3

I discovered that the context.xml file is not the right place to do such a configuration. It can actually be done in the web.xml file using Tomcat's RemoteAddrFilter. In the example I have given below, the filter specifies an IP(x.x.x.x) to allow, all other IP's will be blocked. The "filter-mapping" tag that follows the "filter" section specifies the URL to restrict, in this case the page "something.jsp". This page is restricted for everyone but the IP address that is allowed, everyone else will get a 403 page.

<filter>
    <filter-name>Remote Address Filter</filter-name>
    <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
        <init-param>
            <param-name>allow</param-name>
            <param-value>x.x.x.x</param-value>
        </init-param>
</filter>

<filter-mapping>
    <filter-name>Remote Address Filter</filter-name>
    <url-pattern>/something.jsp</url-pattern>
</filter-mapping>