2013-05-27 136 views
5

我想限制哪些URL可以在我的Tomcat服務器上根據IP地址訪問。我試圖做的是允許在通過回送地址(即本地主機)訪問tomcat時訪問任何地方,並且只允許訪問所有其他遠程IP的某些區域。我在conf/web.xml中有以下兩個過濾器,但它們並沒有按照我的意願行事。現在所有遠程訪問被拒絕(不是我想要的)和全部本地訪問正在被允許(我想要的)。我無法讓tomcat允許所有IP地址訪問/ terms/,/ help/等。使用多個Tomcat容器提供的過濾器(遠程地址過濾器)

任何指針非常感謝。

<!-- ================== Built In Filter Definitions ===================== --> 

<filter> 
    <filter-name>Restrict Remote Filter</filter-name> 
    <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class> 
    <init-param> 
     <param-name>allow</param-name> 
     <param-value>\d+\.\d+\.\d+\.\d+</param-value> <!-- for any IP address, * not allowed here --> 
    </init-param> 
</filter> 
<filter-mapping> 
    <filter-name>Restrict Remote Filter</filter-name> 
    <url-pattern>/terms/*, /help/*, /messagebroker/*</url-pattern> <!-- allow access to these areas only --> 
</filter-mapping> 

<filter> 
    <filter-name>Allow Localhost Filter</filter-name> 
    <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class> 
    <init-param> 
     <param-name>allow</param-name> 
     <param-value>127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1</param-value> <!-- for localhost access… --> 
    </init-param> 
</filter> 
<filter-mapping> 
    <filter-name>Allow Localhost Filter</filter-name> 
    <url-pattern>/*</url-pattern> <!-- access all areas --> 
</filter-mapping> 

回答

3
<url-pattern>/terms/*, /help/*, /messagebroker/*</url-pattern> 

嘗試每個模式單獨url-pattern的,據我所知,字符「」(逗號)不能被識別爲特殊字符,而您的網址的一部分。試試這個:

<url-pattern>/terms/*</url-pattern> 
<url-pattern>/help/*</url-pattern> 
<url-pattern>/messagebroker/*</url-pattern>