How to restrict connections to glassfish?

Question

Hello,

I'm running a web application on a glassfish 3 server. The application should not be accessible for anyone. Instead I want to limit access to a handful static IP addresses. To block all communication via a firewall is not an option, since the server hosts other web services too.

Given this background, my question would be: How can I tell glassfish to only respond to requests from given number of IP addresses?

Your help is highly appreciated!

Answer 1

IP based security is not very robust and... secure (think network topology changes, IP spoofing) but it should be possible to:

• create a virtual server
• configure the application to be available on that virtual server only
• define allowRemoteHost/denyRemoteHost properties at the virtual server level

A better alternative would be to move to certificates.

Answer 2

You can always write a filter that returns 404 or whatever for invalid IPs. Note that IPs can be spoofed.