使用多个Tomcat容器提供的过滤器(远程地址过滤器)

时间:2013-05-27 14:14:27

标签: tomcat filter localhost remote-access

我试图限制基于IP地址在tomcat服务器上访问哪些URL。我想要做的是允许通过环回地址(即localhost)访问tomcat时访问所有地方,并且只允许访问所有其他远程IP的某些区域。我在conf / web.xml中有以下两个过滤器,但它们的行为并不像我想的那样。现在所有远程访问被拒绝(不是我想要的),并且所有本地访问被允许(我想要的)。我无法让tomcat允许所有IP地址访问/ terms / ,/ help / 等。

任何指针都非常感激。

<!-- ================== Built In Filter Definitions ===================== -->

<filter>
    <filter-name>Restrict Remote Filter</filter-name>
    <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
    <init-param>
        <param-name>allow</param-name> 
        <param-value>\d+\.\d+\.\d+\.\d+</param-value>  <!-- for any IP address, * not allowed here -->
    </init-param>
</filter>
<filter-mapping>
    <filter-name>Restrict Remote Filter</filter-name>
    <url-pattern>/terms/*, /help/*, /messagebroker/*</url-pattern>  <!-- allow access to these areas only -->
</filter-mapping>

<filter>
    <filter-name>Allow Localhost Filter</filter-name>
    <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
    <init-param>
        <param-name>allow</param-name> 
        <param-value>127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1</param-value>  <!-- for localhost access… -->
    </init-param>
</filter>
<filter-mapping>
    <filter-name>Allow Localhost Filter</filter-name>
    <url-pattern>/*</url-pattern>  <!-- access all areas -->
</filter-mapping> 

1 个答案:

答案 0 :(得分:3)

<url-pattern>/terms/*, /help/*, /messagebroker/*</url-pattern>

为每个模式尝试单独的url-pattern,据我所知,字符“,”(逗号)不被识别为特殊字符,而是您网址的一部分。试试这个:

<url-pattern>/terms/*</url-pattern>
<url-pattern>/help/*</url-pattern>
<url-pattern>/messagebroker/*</url-pattern>