Just yesterday, a client was inquiring about securing his m-Power applications so they could be accessed from only 1 IP address. His m-Power application was allowing users to clock in/out. For obvious reasons, he did not want a user to start logging in and out from home.
Of course, from an application stand point, we could always add in auditing to verify that records being added belonged to the valid IP address, but the client was interested in other alternatives. One that he suggested to me was quite useful, and I wanted to share that here.
Tomcat 6 ships with the ability to automatically allow or deny users from a specific IP address by adding just 1 line of code to your \m-power\tomcat\conf\server.xml file. IP addresses that are blacklisted are shown a HTTP 403 — Forbidden Error.
To try this out, open your \m-power\tomcat\conf\server.xml in Notepad. At the end of your document, you will find two contexts. One context is for the m-Power interface (/mrcwebgui) and the other is for end-user applications (/mrcjava). For this example, I will assume you want to secure the run time applications. Paste the below code directly above the “/context” tag.
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="YOUR_IP_ADDRESS_HERE"/>
In the end, your file will look like this:
<!-- mrcjava Context --> <Context path="/mrcjava" docBase="c:/m-power/mrcjava" debug="0" reloadable="true" privileged="true"> > <Logger className="org.apache.catalina.logger.FileLogger" prefix="mrcjava" suffix=".txt" timestamp="true"/> <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="YOUR_IP_ADDRESS_HERE"/> </Context>
Note: You can also replace “allow” with “deny” to black list certain IP addresses.
Multiple IP addresses are comma separated.
You also can utilize wild cards to include specific subnets.
Be sure to save and restart your Tomcat service.
It doesn’t seem to work….
In the off chance that Tomcat is not allowing/restricting correctly, the most likely chance is the IP address you have listed is incorrect. Due to network configuration, your IP address may be a value that you do not expect. To help you identify the IP address that Tomcat recognizes, download this file and install it on your server in this directory:
Once there, direct your browser to,
http://YOUR_SERVER/test.jsp. This page will identify your IP Address, according to Tomcat. This information will help you when configuring your server.xml file.
Please let me know if you found this article useful!