Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Restrict a single webapp to localhost

You would want virtual hosts configurations, I would think.

<?xml version="1.0"  encoding="ISO-8859-1"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
 
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
  <Set name="virtualHosts">
    <Array type="java.lang.String">
      <Item>localhost</Item>
      <Item>127.0.0.1</Item>
      <Item>::1</Item>
      <Item>0:0:0:0:0:0:0:1</Item>
    </Array>
  </Set>
</Configure>

But I'm not sure it will work from WEB-INF/jetty-web.xml (might be too late in the configuration chain)
Also, I'm not sure this is 100% foolproof either.
As this is merely a "Host:" request header check, and someone could connect to your publicly addressable network interface and provide a custom "Host: localhost" header.    This would be true for a connector configuration setup for host "0.0.0.0" (all network interfaces)

However, you could tie it to a specific connector on the jetty server, using <Item>@localhostonly</Item> (connector based virtual hosts).
The problem is that you would then need to setup a special connector that specifies a name of "localhostonly" for it to bind to.

http://www.eclipse.org/jetty/documentation/current/configuring-virtual-hosts.html


--
Joakim Erdfelt <joakim@xxxxxxxxxxx>
Expert advice, services and support from from the Jetty & CometD experts


On Tue, Feb 11, 2014 at 1:01 AM, Thomas Scheffler <thomas.scheffler@xxxxxxxxxxx> wrote:
Hi,

I have a single webapp that should only be accessible by request from localhost (ipv4/ipv6). I am looking for a way to configure it in WEB-INF/jetty-web.xml
I provide a file (META-INF/context.xml) for Tomcat, that looks like this:

<Context>
  <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
</Context>

Yet I was not successful achieving the same with jetty 9.1. Any help is highly appreciated.

kind regards

Thomas Scheffler
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-users


Back to the top