Help

Filter/block JSS startup pages?

alexjdale
Valued Contributor III

Posted on ‎11-26-2019 08:33 AM

Has anyone found a good way to block or filter the startup pages (maybe anything with a # in the base URL) so they are only visible from certain IPs? For example, I don't want the startup pages on our DMZ instance to be visible to the Internet and have it prompt for the MySQL password, I only want those pages to show up internally. Externally, I don't want any console visibility at all.

I'm wondering if Tomcat can be configured to do this without requiring a filter on our network (which isn't possible with our current setup).

0 Kudos
1 REPLY 1

leslie
Contributor II
Contributor II

Posted on ‎11-26-2019 01:01 PM

Might check out the following if you've not already:
http://tomcat.apache.org/tomcat-8.0-doc/config/filter.html#Remote_Address_Filter

For example to restrict web access to clients on 10.17.1.x and 10.18.1.x networks add the following to the bottom of the web.xml file.

<filter>
        <filter-name>CustomRemoteAddressFilter</filter-name>
        <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
        <init-param>
                <param-name>allow</param-name>
                <param-value>10.17.1.d+|10.18.1.d+</param-value>
        </init-param>
        <init-param>
                <param-name>denyStatus</param-name>
                <param-value>404</param-value>
        </init-param>
</filter>
<filter-mapping>
<filter-name>CustomRemoteAddressFilter</filter-name>
        <servlet-name>FrontEndController</servlet-name>
        <servlet-name>FrontEndUploadController</servlet-name>
        <servlet-name>InitializeServer</servlet-name>
        <servlet-name>PresentationLayerServlet</servlet-name>
</filter-mapping>
0 Kudos