Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Java (http://www.velocityreviews.com/forums/f30-java.html)
-   -   how to restrict access to certain ip ranges (http://www.velocityreviews.com/forums/t388537-how-to-restrict-access-to-certain-ip-ranges.html)

puzzlecracker 11-11-2006 08:57 PM

how to restrict access to certain ip ranges
 
Let's say, I only allow ips in 128.X.X.X/16 and 160.X.0.0. blocks to
access my webserver. How to restrict it..... what api and stratagy to
be used?

I am thinking of putting InetAddres's to HashMap of 128.X.X.0
-128.X.X.255.255 into hashmap and then see if it is there. similarly
for 160*

thanks


as4109@wayne.edu 11-11-2006 11:49 PM

Re: how to restrict access to certain ip ranges
 
puzzlecracker ha escrito:
> Let's say, I only allow ips in 128.X.X.X/16 and 160.X.0.0. blocks to
> access my webserver. How to restrict it..... what api and stratagy to
> be used?


First of all, you may find the following static function useful:

public static int aton(InetAddress ia) {
if (ia==null) return 0;
if (ia instanceof Inet4Address) {
byte[] a = ia.getAddress();
return ((a[0]<<24)
+ ((a[1]&0xFF)<<16)
+ ((a[2]&0xFF)<<8)
+ (a[3]&0xFF) );
} else {
/* (it's an IPv6 address...return '0' or throw an error or
whatever) */
}}

Given that function, you could check for such conditions with
expressions like

( ntoa(socket.getSocketAddress().getAddress())
& ntoa(new Inet4Address("255.0.0.0") ) == new
Inet4Address("160.0.0.0")

If you just want to determine if an address is "loopback" or
"multicast", you should probably use InetAddress.isLoopbackAddress()
and InetAddress.isMulticastAddress() instead.

--
DLL


Brandon McCombs 11-12-2006 12:26 AM

Re: how to restrict access to certain ip ranges
 
puzzlecracker wrote:
> Let's say, I only allow ips in 128.X.X.X/16 and 160.X.0.0. blocks to
> access my webserver. How to restrict it..... what api and stratagy to
> be used?
>
> I am thinking of putting InetAddres's to HashMap of 128.X.X.0
> -128.X.X.255.255 into hashmap and then see if it is there. similarly
> for 160*
>
> thanks
>


why aren't you implementing that type filter on the network itself
instead of in the application? IP filtering is the job of the network
or at least of software meant to manage that type of thing.

Greg R. Broderick 11-12-2006 02:38 AM

Re: how to restrict access to certain ip ranges
 
"puzzlecracker" <ironsel2000@gmail.com> wrote in
news:1163278668.638218.259720@h54g2000cwb.googlegr oups.com:

> Let's say, I only allow ips in 128.X.X.X/16 and 160.X.0.0. blocks to
> access my webserver. How to restrict it..... what api and stratagy to
> be used?


Far easier to use something like iptables to accomplish this. I'm sure that
the apache webserver also has some way to permit/deny connections from
specified hosts, but am not an apache expert.

Why reinvent the wheel?

Cheers
GRB

--
---------------------------------------------------------------------
Greg R. Broderick gregb.usenet200609@blackholio.dyndns.org

A. Top posters.
Q. What is the most annoying thing on Usenet?
---------------------------------------------------------------------


All times are GMT. The time now is 05:58 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.