2 Replies Latest reply on May 25, 2011 12:38 PM by Juan A. S.

    Limit access to applications by IP

    Juan A. S. Newbie

      Hi

       

      I am configuring JBoss/mod_cluster to serve the applications with Apache. Now I want to disable the access to those application by the clientes in JBoss, just by the Apache, but allow to access to administration applications from anywhere directly to the JBoss (I have configured the authentication for consoles). How can I do this? Is there any "centralized" file where I can define this without have to modify each deployed application config? My goal is this:

       

      • Management applications (web-console, status, jmx-console, admin-console): allow from anywhere.
      • Certain applications (ROOT, jbossws, juddi): deny from all (or allow only from 127.0.0.1).
      • Deployed applications: allow only from Apache servers (and perhaps 127.0.0.1), deny from anywhere else.

       

      Thanks in advance.

        • 1. Re: Limit access to applications by IP
          Mark Paluch Master

          Hi Juan,

          having an Apache in front of your JBoss is a big advantage. I would prefer to disable the JBoss HTTP-Connector and handle all traffic via Apache. There you can limit or allow access to your apps via <Location /web-console> deny from all; allow from *.your.domain; and so on.

          In a Tomcat-Environment you could use RemoteAdressValve to limit access to your context. JBoss does not need an explicit context config, as it pulls it's info from jboss-web.xml or some EAR data, I think, that Apache would be the only possibility. Perhaps someone else from community knows a trick.

           

          Best regards,

          Mark

          1 of 1 people found this helpful
          • 2. Re: Limit access to applications by IP
            Juan A. S. Newbie

            Hi

             

            Thanks for your answer. Finally, I will publish all applications through Apache, and limit the access to JBoss to only the Apache's. As administration applications are secured, i don't care "normal users" can access them, as the will be prompted for a user with permissions the don't have. The original post was to avoid to publish all administration applications with Apache, but I have realized it has not much sense.

             

            Thanks again and regards.