3 Replies Latest reply on Jun 7, 2011 12:50 PM by bcn

how to bind to localhost, but allow one remote console access?

bcn Jun 6, 2011 12:12 PM

We have a jboss on a remote hosting server with an Apache web server.

I would like to limit the access to the administration console (in fact, to all pages with port 8080) to only one remote IP address (the office IP).

Can this be done with e.g. the binding parameter -b or is it only possible on OS / firewall level?

Of course, with -b officeIP the web application does not work anymore. The localhost must access the app server.

Thanks

1. Re: how to bind to localhost, but allow one remote console access?

wdfink Jun 6, 2011 1:06 PM (in response to bcn)

You try to use a external web application and the admin console on the same JBoss but you want to limit the admin console to internal use.

I see the posibillity if you bind to a local IP address and access the web site from external via apache with a filter to deny the admin URL.
Internal you can access the JBoss directly.
1 of 1 people found this helpful
Actions
2. Re: how to bind to localhost, but allow one remote console access?

bcn Jun 7, 2011 10:21 AM (in response to wdfink)

Thanks, but that would not allow to access the admin site externally from our IP.
But it brought me the following idea:
bind JBoss to localhost and define two proxies in Apache, one for my web app and one for all URLs like this:

ProxyPass /myapp ajp://127.0.0.1:8009/myapp
ProxyPassReverse /myapp ajp://127.0.0.1:8009/myapp

ProxyPass / ajp://127.0.0.1:8009/
ProxyPassReverse / ajp://127.0.0.1:8009/

and a filter to limit the access to the general proxy:
<ProxyMatch regexp>
Order Deny,Allow
Deny from all
Allow from officeIP
</ProxyMatch>

The problem where I am stuck is the regexp: it must match all URLs except the ones containing /myapp.
Any idea?

Thanks
Actions
3. Re: how to bind to localhost, but allow one remote console access?

bcn Jun 7, 2011 12:50 PM (in response to bcn)

<ProxyMatch "^(?:(?!myapp).)*$">

seems to work.
Actions