Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Restrict a single webapp to localhost

You would want virtual hosts configurations, I would think.

<?xml version="1.0"  encoding="ISO-8859-1"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
  <Set name="virtualHosts">
    <Array type="java.lang.String">

But I'm not sure it will work from WEB-INF/jetty-web.xml (might be too late in the configuration chain)
Also, I'm not sure this is 100% foolproof either.
As this is merely a "Host:" request header check, and someone could connect to your publicly addressable network interface and provide a custom "Host: localhost" header.    This would be true for a connector configuration setup for host "" (all network interfaces)

However, you could tie it to a specific connector on the jetty server, using <Item>@localhostonly</Item> (connector based virtual hosts).
The problem is that you would then need to setup a special connector that specifies a name of "localhostonly" for it to bind to.

Joakim Erdfelt <joakim@xxxxxxxxxxx>
Expert advice, services and support from from the Jetty & CometD experts

On Tue, Feb 11, 2014 at 1:01 AM, Thomas Scheffler <thomas.scheffler@xxxxxxxxxxx> wrote:

I have a single webapp that should only be accessible by request from localhost (ipv4/ipv6). I am looking for a way to configure it in WEB-INF/jetty-web.xml
I provide a file (META-INF/context.xml) for Tomcat, that looks like this:

  <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />

Yet I was not successful achieving the same with jetty 9.1. Any help is highly appreciated.

kind regards

Thomas Scheffler
jetty-users mailing list

Back to the top