Restricting requests

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Restricting requests

Eric Rizzo
I'm using Jetty in non-embedded mode (meaning I'm starting the server
using start.jar as opposed to using the Java API from my own code). I
need to only accept incoming connections/requests from a certain host
(localhost/127.0.0.1 in this case).
I know I could implement it a variety of ways, including a servlet
filter. But I would like to make it as difficult as possible for this
restriction to be removed, so using a servlet filter is not very good
because it can be removed by a simple edit of web.xml

I could put it in the my servlet directly, but again that would be
easy to circumvent.

So my question is, are there any other mechanisms in Jetty that will
provide this kind of restriction and yet make it non-trivial to
disable? Would it be more efficient to just bite the bullet and go
through the trouble of creating my own launcher class and embed Jetty
that way, using the API to implement the localhost check?

TIA,
Eric


-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Jetty-support mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-support
Reply | Threaded
Open this post in threaded view
|

Re: Restricting requests

Greg Wilkins-5

Eric,

The simplest way to only accept requests from 127.0.0.1 is to modify jetty.xml
so the listeners (connectors) are only configured to listen on 127.0.0.1
instead of 0.0.0.0

But also easy to change... but then is almost everything unless you write code.

cheers


Eric Rizzo wrote:

> I'm using Jetty in non-embedded mode (meaning I'm starting the server
> using start.jar as opposed to using the Java API from my own code). I
> need to only accept incoming connections/requests from a certain host
> (localhost/127.0.0.1 in this case).
> I know I could implement it a variety of ways, including a servlet
> filter. But I would like to make it as difficult as possible for this
> restriction to be removed, so using a servlet filter is not very good
> because it can be removed by a simple edit of web.xml
>
> I could put it in the my servlet directly, but again that would be
> easy to circumvent.
>
> So my question is, are there any other mechanisms in Jetty that will
> provide this kind of restriction and yet make it non-trivial to
> disable? Would it be more efficient to just bite the bullet and go
> through the trouble of creating my own launcher class and embed Jetty
> that way, using the API to implement the localhost check?
>
> TIA,
> Eric
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by:
> Power Architecture Resource Center: Free content, downloads, discussions,
> and more. http://solutions.newsforge.com/ibmarch.tmpl
> _______________________________________________
> Jetty-support mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/jetty-support
>



-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Jetty-support mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-support
Reply | Threaded
Open this post in threaded view
|

Re: Re: Restricting requests

Eric Rizzo
On 10/7/05, Greg Wilkins <[hidden email]> wrote:
>
> Eric,
>
> The simplest way to only accept requests from 127.0.0.1 is to modify jetty.xml
> so the listeners (connectors) are only configured to listen on 127.0.0.1
> instead of 0.0.0.0
>
> But also easy to change... but then is almost everything unless you write code.

Thanks, setting the Host property of the SocketListener seems to have
done the trick.
I suspected that anything outside of Java code would be easily
modified - I may still go the embedded Jetty route for that reason.

Thanks again,
Eric


-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Jetty-support mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-support