2 Replies Latest reply on Aug 7, 2018 1:03 AM by sarathgadde25

    Restrict access to specific webpages for requests coming from specific IP addresses

    nitin_jain
    nitin_jain Feb 20, 2018 8:55 AM

      Greetings,

       

      I would like to configure WildFly such that it allows requests coming from a certain IP address to a limited set of functionality or web pages. I am able to configure WildFly to allow or deny access to requests coming from a particular IP address; however not able to filter on the URL.

       

      In undertow subsystem, I have the following configuration.

       

      <subsystem xmlns="urn:jboss:domain:undertow:3.1">

      <buffer-cache name="default"/>

      <server name="default-server">

      <ajp-listener name="ajp" socket-binding="ajp"/>

      <http-listener name="default" socket-binding="http" redirect-socket="https"/>

      <https-listener name="https" security-realm="APP_Realm" socket-binding="https"/>

      <host name="default-host" alias="localhost">

      <location name="/" handler="welcome-content"/>

      <filter-ref name="server-header"/>

      <filter-ref name="x-powered-by-header"/>

      <filter-ref name="http-to-https" predicate="equals(%p,8180)"/>

      <filter-ref name="ip-access-rule-1"/>

      </host>

      </server>

      <servlet-container name="default">

      <jsp-config/>

      <websockets/>

      </servlet-container>

      <handlers>

      <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>

      </handlers>

      <filters>

      <response-header name="server-header" header-name="Server" header-value="JBoss-EAP/7"/>

      <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>

      <expression-filter name="ip-access-rule-1" expression="path-suffix('/screens/landing/case-list') -> ip-access-control(default-allow=false, acl={'11.240.19.14 allow'})"/>

      <rewrite name="http-to-https" redirect="true" target="https://app1:8543%U"/>

      </filters>

      </subsystem>

       

      Now, I would like to configure Wildfly to only allow requests with the pattern "/screens/landing/case-list" coming from IP 11.240.19.14, rest should be blocked. Please advise.

       

      Best Regards,

      Nitin Jain

      • 3331 Views
      • Tags:
        • 1. Re: Restrict access to specific webpages for requests coming from specific IP addresses
          nitin_jain
          nitin_jain Feb 21, 2018 1:48 AM (in response to nitin_jain)

          Hello Forum,

           

          I have a solution to the problem. In order to restrict requests originating from an IP address, limit access to a particular URL; however all any/all requests originating from other IP addresses, one can use the following.

           

          <expression-filter name="ip-access-rule-1" expression="not path-prefix('/screens/landing/case-list') -> ip-access-control(default-allow=true, acl={'11.240.19.14 deny'})"/>

           

          Thanks

          Nitin Jain

            • Actions
          • 2. Re: Restrict access to specific webpages for requests coming from specific IP addresses
            sarathgadde25
            sarathgadde25 Aug 7, 2018 1:03 AM (in response to nitin_jain)

            Hi Nitin,

             

            Hope you are doing great !!!

             

            I have an requirement to restrict access only to specific configured servers. WildFly should forbid the requests coming from other servers.

             

            We have a Java API WAR file deployed in WildFly-8.2.0 and this API should be processed within the system such that no source/server should access this API. WildFly should process the REST calls coming only from the configured servers (or IP Addresses) and should forbid the requests coming from other servers (or IP Addresses). Can you please help me to implement this in WildFly-8.2.0.

             

            Thanks,

            Sarath G

              • Actions