Skip to main content

Has anyone found a good way to block or filter the startup pages (maybe anything with a # in the base URL) so they are only visible from certain IPs? For example, I don't want the startup pages on our DMZ instance to be visible to the Internet and have it prompt for the MySQL password, I only want those pages to show up internally. Externally, I don't want any console visibility at all.



I'm wondering if Tomcat can be configured to do this without requiring a filter on our network (which isn't possible with our current setup).

Might check out the following if you've not already:
http://tomcat.apache.org/tomcat-8.0-doc/config/filter.html#Remote_Address_Filter



For example to restrict web access to clients on 10.17.1.x and 10.18.1.x networks add the following to the bottom of the web.xml file.



<filter>

        <filter-name>CustomRemoteAddressFilter</filter-name>

        <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>

        <init-param>

                <param-name>allow</param-name>

                <param-value>10.17.1.d+|10.18.1.d+</param-value>

        </init-param>

        <init-param>

                <param-name>denyStatus</param-name>

                <param-value>404</param-value>

        </init-param>

</filter>

<filter-mapping>

<filter-name>CustomRemoteAddressFilter</filter-name>

        <servlet-name>FrontEndController</servlet-name>

        <servlet-name>FrontEndUploadController</servlet-name>

        <servlet-name>InitializeServer</servlet-name>

        <servlet-name>PresentationLayerServlet</servlet-name>

</filter-mapping>

Reply


Terms & ConditionsCookie settings