views:

9

answers:

2

Hello,

I'm running a web application on a glassfish 3 server. The application should not be accessible for anyone. Instead I want to limit access to a handful static IP addresses. To block all communication via a firewall is not an option, since the server hosts other web services too.

Given this background, my question would be: How can I tell glassfish to only respond to requests from given number of IP addresses?

Your help is highly appreciated!

+1  A: 

IP based security is not very robust and... secure (think network topology changes, IP spoofing) but it should be possible to:

  • create a virtual server
  • configure the application to be available on that virtual server only
  • define allowRemoteHost/denyRemoteHost properties at the virtual server level

A better alternative would be to move to certificates.

Pascal Thivent
A: 

You can always write a filter that returns 404 or whatever for invalid IPs. Note that IPs can be spoofed.