Deny IP access to an inside Tomcat directory - tomcat7

I'm trying to solve the following:
I have a Tomcat web application which is configured (and should be) to accept ANY IP.
e.g: (protocol://host:port/MyApp/)
What I want to do is to only allow certain IPs to enter a directory stored inside my web app and, when entering, be prompted for a username and password.
e.g:(protocol://host:port/MyApp/Directory)
I think the configuration should be done in context.xml and/or web.xml but I don't know how.

You can start from the following links:
How to add security to your Web Application: http://docs.oracle.com/javaee/6/tutorial/doc/gkbaa.html
How to deny access based on IP or host:
http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#Remote_Address_Filter
http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#Remote_Host_Filter
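A sketch of how the two linked mechanisms combine in the application's WEB-INF/web.xml, added here as an example and not taken from the original answer. The filter name, role name, realm name and address ranges are constructed placeholders, and the `/Directory/*` pattern follows the question.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

  <!-- IP allow-list mapped only to /Directory/*; the rest of MyApp
       stays reachable from any address. -->
  <filter>
    <filter-name>DirectoryAddrFilter</filter-name> <!-- hypothetical name -->
    <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
    <init-param>
      <param-name>allow</param-name>
      <!-- Java regex matched against the whole client address.
           Constructed sample: loopback plus 192.168.10.x.
           Behind a reverse proxy the filter sees the proxy's address. -->
      <param-value>127\.0\.0\.1|0:0:0:0:0:0:0:1|192\.168\.10\.\d{1,3}</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>DirectoryAddrFilter</filter-name>
    <url-pattern>/Directory/*</url-pattern>
  </filter-mapping>

  <!-- Username/password prompt for the same path. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Restricted directory</web-resource-name>
      <url-pattern>/Directory/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>directory-user</role-name> <!-- hypothetical role -->
    </auth-constraint>
    <!-- BASIC credentials are only base64-encoded, so require TLS.
         Assumes an HTTPS connector is configured in server.xml. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>MyApp Directory</realm-name>
  </login-config>

  <security-role>
    <role-name>directory-user</role-name>
  </security-role>
</web-app>
```

The role must exist in the Realm Tomcat is configured with (for the default UserDatabaseRealm, conf/tomcat-users.xml). Tomcat enforces the security constraint before the filter chain runs, so a client from a disallowed address gets the login prompt first and receives 403 only after authenticating.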

Related

How does a DNS proxy work? (smart DNS)

I am trying to build a new DNS, which will act as a proxy for certain domain names and uses a public DNS as upstream.
My understanding of DNS:
Client asks DNS (x.x.x.x) about example.com
DNS will look up inside its zones (or parent and root) and find example.com can be found at i.i.i.i
DNS will send i.i.i.i to the client.
Now, the client asks for the IP address of restricted.test and the DNS server knows it is a restricted website, so instead of giving the direct IP of the website, it gives its own proxy address p.p.p.p to the client.
Please correct me if I'm wrong so far, but when the client tries to connect to p.p.p.p, how does the proxy server know which website the client wants to go to?
I really want to know how these work under the hood.
Thanks in advance.
This mechanism you are asking about is the Proxy Auto-Configuration (PAC) file.
Read more about it here:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_PAC_file
And here:
https://www.websense.com/content/support/library/web/v76/pac_file_best_practices/PAC_explained.aspx
Essentially in corporate networks, a PAC file is pushed out to every computer, and browser settings are also configured to enable the PAC file. But it can also be done manually. Just check your browser proxy settings to see the location of the PAC file it is pointed to.

Cannot access Swagger UI from another PC in the same domain

The title is self-explanatory: I can access the Swagger UI from the server on which I installed it, but could not access it when requesting the URL from another PC in the same network (domain). I am not using localhost; I tested it with the server name and the IP with no success. The firewall on the server is off, but to be sure I added the required rules to allow the Swagger port to be accessed without interference.
Add context path in your application.properties.
server.servlet.context-path=/rootpath
And try to access swagger with this context.
http://<ip>:8080/rootpath/swagger-ui.html

Point spring bootstrap project to websitename.com/

I have a fully functioning bootstrap project. Whenever I want to access it locally I go to localhost:8080
Now I would like to run it on my server under domain name websitename.com and I want to be able to access first page of my bootstrap project without having to type websitename.com:8080 and instead just type websitename.com/
Is there any way to configure the server to do so? Or is this bootstrap configuration?
You have to change your port from 8080 to 80. This is the default http port recognized by browsers.
To achieve that you have to add the line
server.port = 80
to your application.properties config file (find details in the documentation).
Note: Depending on the operating system, use of port 80 might be restricted to the root user only. You'll probably have to run the app with sudo or set up an HTTP proxy.

Ban an IP to deny access to an app

I have an application (.war) deployed in a WebSphere Application Server v8. This app consists of a web application which is accessed by browser.
Now I have an IP address that I want to ban, but I can't find the option in the Administrative Console. Where should I ban this IP to block its access to this specific application?
In WebSphere you have 2 options (depending on whether you access the app server directly or through an HTTP server):
1. Directly via the WebSphere admin console.
   Go to: Application servers > server1 > Web container transport chains > WCInboundDefault > TCP inbound channel (TCP_2)
   In the Address exclude list, enter the client addresses you want to block.
   Restart the server.
2. Use IBM HTTP Server (based on Apache) and the WebSphere Plugin, which is available with WebSphere, and define a Deny list using standard httpd.conf configuration.
Probably an IP filter isn't implemented by default in your application server, but it's easy enough to include an IP filter implemented in a servlet filter.
There's a nice intro to what filters can do on the Oracle site and plenty of readymade IP filters all over the web, like here or here. As you can see, the code needed is pretty simple, and as servlet filters are part of the EE spec, the result is portable between appservers as well.

Configuring Amazon EC2 for a dynamic website

I am curious about Amazon Web Services and so I thought of creating a dynamic webpage with Amazon EC2. I created an instance, installed Apache and PHP and made sure it is working in EC2 (using remote access). I have assigned an Elastic IP to the instance. My question is how to access the webpage that I created in the instance. I am not sure what to give as the ServerName in httpd.conf. My goal is to access the page like http://amazonaddress/test.php
I am using Windows Server, but I think it is basically the same. My documents are in the same folder as mentioned in the conf file. But when I use my Elastic IP, it isn't working. Not even the basic index page in the Apache htdocs (that's the home folder according to conf). To throw more light I will explain what I have done till now.
I have created a micro instance (EC2) and logged into it using remote desktop. I have installed the Apache MSI file and PHP after that. I have created an Elastic IP and attached it to the instance, and in my security group I have added the HTTP service on port 80. I have tested that localhost is working on my remote machine (points to index.html). After that I tried accessing it using the Elastic IP and it just times out. Is there any step I have missed?
You can access it via http://255.255.255.255 where you replace the 255.255.255.255 with your elastic IP address.
Then you want to setup DNS for your domain name. So you'll need to create an A Record mapping www.yourdomain.com to whatever your elastic IP address is. You can usually do this via your domain name registrar as most of them also run basic DNS services for free.
You can access an EC2 instance using its public DNS name (or Elastic IP, since you already have one of those), which can be seen in the instance's description tab. Configuring your personal domain name to point to that server will involve creating an A Record mapping to that public IP.
Assuming apache has been setup correctly, that's all you should need to do to get started (and your test.php page is in /var/www/). For your purposes, you probably shouldn't even need to modify the httpd.conf file at all.
Also, be sure to remember to open a port on the security group (under Network & Security from the EC2 Console) that the instance belongs to. In your example, you will want to open port 80 inbound with source 0.0.0.0/0 (unless you want to limit access to a specific IP range).
Hope this helps.

Resources