
How to block an IP address using web.xml?

Developer https://www.devze.com 2022-12-30 17:56 Source: Internet

How can I block an IP address with some configuration on web.xml?

Do I need a filter? How can I implement one?


You can't do this purely through config in web.xml, no. A servlet filter would be a good place to implement such a thing, though.

The Filter interface supplies the HttpServletRequest as part of the filter chain invocation, and from that you can get the IP address of the client (using getRemoteAddr), and compare that to your list of permitted addresses.

Alternatively, your specific appserver might support IP filtering at a proprietary level, but that locks you into that container (which may or may not be a problem for you).


You cannot block IP addresses using web.xml. It should be done at Webserver, Container or Application Server level.

In case you are using Tomcat, you need to use Valve specification to block IP addresses. More information could be found using the following resources

http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html

http://hcmc.uvic.ca/blogs/index.php?blog=30&p=2658&more=1&c=1&tb=1&pb=1


Figuring out the filter config and all that is left as an exercise to the reader.

    import javax.servlet.*;
    import java.io.IOException;

    public class BlackListFilter implements Filter
    {
        // Single address to reject, read from the filter's init-param in web.xml
        private String blacklistedip;

        @Override
        public void init(final FilterConfig filterConfig) throws ServletException
        {
            this.blacklistedip = filterConfig.getInitParameter("blacklistedip");
        }

        @Override
        public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain filterChain) throws IOException, ServletException
        {
            // Only continue down the chain when the caller is not the blacklisted address;
            // a blacklisted caller gets an empty response because the chain is never invoked.
            if (!request.getRemoteAddr().equals(this.blacklistedip))
            {
                filterChain.doFilter(request, response);
            }
        }

        @Override
        public void destroy()
        {
            // nothing
        }
    }


I'd normally achieve this with a reverse-proxying web server, but if you really want to define it in your servlet, it's not a problem ...

Here's an example to point you towards managing this using a Filter.

http://www.java2s.com/Code/Java/Servlets/IPFilter.htm

Note that it doesn't include the web.xml entries, which would look something like this:

    <filter>
       <filter-name>IPFilter</filter-name>
       <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
       <filter-name>IPFilter</filter-name>
       <servlet-name>MyServlet123</servlet-name>
    </filter-mapping>

If you're using Spring (as in the filter-class above), you may want to use a Spring DelegatingFilterProxy, to simplify the solution, and give your filter access to other beans in your applicationContext (potentially load client IP addresses from properties or even a database):

http://static.springsource.org/spring/docs/2.0.x/api/org/springframework/web/filter/DelegatingFilterProxy.html

hth
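
A filter along the lines the answers describe, handling several addresses and returning 403, with its web.xml registration in the leading comment. This is an added example, not code from any of the answers; the class name `IpBlockFilter`, the `blockedIps` init parameter and the sample addresses (documentation ranges) are assumptions, and it uses the same `javax.servlet` API as the filter above.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;

// web.xml (names and addresses are assumptions for this example):
//   <filter><filter-name>IpBlockFilter</filter-name>
//     <filter-class>IpBlockFilter</filter-class>
//     <init-param><param-name>blockedIps</param-name>
//       <param-value>203.0.113.7, 2001:db8::1</param-value></init-param></filter>
//   <filter-mapping><filter-name>IpBlockFilter</filter-name>
//     <url-pattern>/*</url-pattern></filter-mapping>
public class IpBlockFilter implements Filter {
    private final Set<InetAddress> blocked = new HashSet<>();

    // Entries must be IP literals (a host name here would trigger a DNS lookup).
    // Comparing InetAddress objects rather than strings treats different textual
    // forms of one address, such as ::1 and 0:0:0:0:0:0:0:1, as equal.
    static InetAddress parse(String literal) throws UnknownHostException {
        return InetAddress.getByName(literal.trim());
    }

    @Override
    public void init(FilterConfig config) throws ServletException {
        String param = config.getInitParameter("blockedIps");
        for (String entry : (param == null ? "" : param).split(",")) {
            if (entry.trim().isEmpty()) continue; // getByName("") would yield loopback
            try {
                blocked.add(parse(entry));
            } catch (UnknownHostException e) {
                throw new ServletException("Bad blockedIps entry: " + entry, e);
            }
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // getRemoteAddr() is the TCP peer; behind a reverse proxy or load balancer
        // that is the proxy's address, not the end client's.
        if (blocked.contains(parse(req.getRemoteAddr()))) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }
    @Override
    public void destroy() { }
}
```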
