Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / General / November 2006

Tip: Looking for answers? Try searching our database.

how to restrict access to certain ip ranges

Thread view: 
Enable EMail AlertsStart New Thread
puzzlecracker - 11 Nov 2006 20:57 GMT
Let's say, I only allow  ips in 128.X.X.X/16 and 160.X.0.0. blocks  to
access my webserver. How to restrict it..... what api and stratagy to
be used?

I  am thinking of putting InetAddres's to HashMap of 128.X.X.0
-128.X.X.255.255 into hashmap and then see if it is there. similarly
for 160*

thanks
Reply to this Message
as4109@wayne.edu - 11 Nov 2006 23:49 GMT
puzzlecracker ha escrito:
> Let's say, I only allow  ips in 128.X.X.X/16 and 160.X.0.0. blocks  to
> access my webserver. How to restrict it..... what api and stratagy to
> be used?

First of all, you may find the following static function useful:

  public static int aton(InetAddress ia) {
     if (ia==null) return 0;
     if (ia instanceof Inet4Address) {
    byte[] a = ia.getAddress();
    return ((a[0]<<24)
        + ((a[1]&0xFF)<<16)
        + ((a[2]&0xFF)<<8)
        +  (a[3]&0xFF)     );
     } else {
           /* (it's an IPv6 address...return '0' or throw an error or
whatever) */
}}

Given that function,  you could check for such conditions with
expressions like

  ( ntoa(socket.getSocketAddress().getAddress())
    & ntoa(new Inet4Address("255.0.0.0") ) == new
Inet4Address("160.0.0.0")

If you just want to determine if an address is "loopback" or
"multicast",  you should probably use InetAddress.isLoopbackAddress()
and InetAddress.isMulticastAddress() instead.

--
DLL
Reply to this Message
Brandon McCombs - 12 Nov 2006 00:23 GMT
> Let's say, I only allow  ips in 128.X.X.X/16 and 160.X.0.0. blocks  to
> access my webserver. How to restrict it..... what api and stratagy to
[quoted text clipped - 5 lines]
>
> thanks

why aren't you implementing that type filter on the network itself
instead of in the application?  IP filtering is the job of the network
or at least of software meant to manage that type of thing.
Reply to this Message
Greg R. Broderick - 12 Nov 2006 02:38 GMT
> Let's say, I only allow  ips in 128.X.X.X/16 and 160.X.0.0. blocks  to
> access my webserver. How to restrict it..... what api and stratagy to
> be used?

Far easier to use something like iptables to accomplish this.  I'm sure that
the apache webserver also has some way to permit/deny connections from
specified hosts, but am not an apache expert.

Why reinvent the wheel?

Cheers
GRB

Signature

---------------------------------------------------------------------
Greg R. Broderick            gregb.usenet200609@blackholio.dyndns.org

A. Top posters.
Q. What is the most annoying thing on Usenet?
---------------------------------------------------------------------

Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.