Restricting connections to jboss to certain IP addresses

Question

We are using Apache Solr in our application to provide search capabilities. We are deploying the solr.war file to jboss along with our application. However solr is now accessible to everyone from the jboss_host/solr URL.

How can we prevent /solr/ being accessible by all IP addresses? We would like to restrict to certain IP addresses namely the jboss_host and couple of other management API hosts.

Answer 1

you could use a filter:

org.apache.catalina.filters.RemoteAddrFilter

Like this:

<filter>
  <filter-name>Remote Address Filter</filter-name>
  <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
  <init-param>
    <param-name>allow</param-name>
    <param-value>127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>Remote Address Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>