How can I block a ip address with some configuration on web.xml?
Do I need a filter? How can I implement one?
+1
A:
You cannot block IP addresses using web.xml. It should be done at Webserver, Container or Application Server level.
In case you are using Tomcat, you need to use Valve specification to block IP addresses. More information could be found using the following resources
http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html
http://hcmc.uvic.ca/blogs/index.php?blog=30&p=2658&more=1&c=1&tb=1&pb=1
Snehal
2010-05-19 21:49:27
+4
A:
You can't do this purely through config in web.xml, no. A servlet filter would be a good place to implement such a thing, though.
The Filter interface supplies the HttpServletRequest as part of the filter chain invocation, and from that you can get the IP address of the client (using getRemoteAddr), and compare that to your list of permitted addresses.
Alternatively, your specific appserver might support IP filtering at a proprietary level, but that locks you into that container (which may or may not be a problem for you).
skaffman
2010-05-19 21:50:59
A:
figuring out the filter config and all that is left as an exercise to the reader.
import javax.servlet.*;
import java.io.IOException;
public class BlackListFilter implements Filter
{
private String blacklistedip;
@Override
public void init(final FilterConfig filterConfig) throws ServletException
{
this.blacklistedip = filterConfig.getInitParameter("blacklistedip");
}
@Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain filterChain) throws IOException, ServletException
{
if (!request.getRemoteAddr().equals(this.blacklistedip))
{
filterChain.doFilter(request, response);
}
}
@Override
public void destroy()
{
// nothing
}
}
fuzzy lollipop
2010-05-19 21:54:26
A:
I'd normally acheive this with a reverse-proxying web server, but if you really want to define it in your servlet, it's not a problem ...
Here's an example to point you towards managing this using a Filter.
http://www.java2s.com/Code/Java/Servlets/IPFilter.htm
Note that it doesnt include the web.xml entries, which would look something like this:
<filter>
<filter-name>IPFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>IPFilter</filter-name>
<servlet-name>MyServlet123</servlet-name>
</filter-mapping>
If you're using Spring (as in the filter-class above), you may want to use a Spring DelegatingFilterProxy, to simplify the solution, and give your filter access to other beans your applicationContext (potentially load client IP addresses from properties or even a database):
hth
amir75
2010-05-19 21:54:47
A:
I have learned to block IP address by insert .htaccess script in web server from this IP2Location website.
SuperRomia
2010-05-20 07:52:05