2 Replies Latest reply on Aug 7, 2018 1:03 AM by sarath gadde

    Restrict access to specific webpages for requests coming from specific IP addresses

    Nitin Jain Newbie

      Greetings,

       

      I would like to configure WildFly such that it allows requests coming from a certain IP address to a limited set of functionality or web pages. I am able to configure WildFly to allow or deny access to requests coming from a particular IP address; however not able to filter on the URL.

       

      In undertow subsystem, I have the following configuration.

       

      <subsystem xmlns="urn:jboss:domain:undertow:3.1">

      <buffer-cache name="default"/>

      <server name="default-server">

      <ajp-listener name="ajp" socket-binding="ajp"/>

      <http-listener name="default" socket-binding="http" redirect-socket="https"/>

      <https-listener name="https" security-realm="APP_Realm" socket-binding="https"/>

      <host name="default-host" alias="localhost">

      <location name="/" handler="welcome-content"/>

      <filter-ref name="server-header"/>

      <filter-ref name="x-powered-by-header"/>

      <filter-ref name="http-to-https" predicate="equals(%p,8180)"/>

      <filter-ref name="ip-access-rule-1"/>

      </host>

      </server>

      <servlet-container name="default">

      <jsp-config/>

      <websockets/>

      </servlet-container>

      <handlers>

      <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>

      </handlers>

      <filters>

      <response-header name="server-header" header-name="Server" header-value="JBoss-EAP/7"/>

      <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>

      <expression-filter name="ip-access-rule-1" expression="path-suffix('/screens/landing/case-list') -> ip-access-control(default-allow=false, acl={'11.240.19.14 allow'})"/>

      <rewrite name="http-to-https" redirect="true" target="https://app1:8543%U"/>

      </filters>

      </subsystem>

       

      Now, I would like to configure Wildfly to only allow requests with the pattern "/screens/landing/case-list" coming from IP 11.240.19.14, rest should be blocked. Please advise.

       

      Best Regards,

      Nitin Jain