How to restrict access to certain IP ranges

puzzlecracker

Let's say I only allow IPs in the 128.X.X.X/16 and 160.X.0.0 blocks to
access my webserver. How to restrict it..... what API and strategy to
be used?

I am thinking of putting InetAddresses to HashMap of 128.X.X.0
-128.X.X.255.255 into hashmap and then see if it is there. Similarly
for 160*

thanks
 
as4109

puzzlecracker wrote:
Let's say I only allow IPs in the 128.X.X.X/16 and 160.X.0.0 blocks to
access my webserver. How to restrict it..... what API and strategy to
be used?

First of all, you may find the following static function useful:

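    import java.net.Inet4Address;
    import java.net.InetAddress;

    /* Packs an IPv4 address into one int, most significant octet first. */
    public static int aton(InetAddress ia) {
        if (ia == null) return 0;
        if (ia instanceof Inet4Address) {
            byte[] a = ia.getAddress();
            // Java bytes are signed: mask each one before shifting.
            return ((a[0] & 0xFF) << 24)
                 + ((a[1] & 0xFF) << 16)
                 + ((a[2] & 0xFF) << 8)
                 +  (a[3] & 0xFF);
        } else {
            /* it's an IPv6 address: return 0 here, or throw an error or
               whatever */
            return 0;
        }
    }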

Given that function, you could check for such conditions with
expressions like

    // getByName() on a dotted-quad literal only parses it; no DNS lookup
    (aton(socket.getInetAddress())
        & aton(InetAddress.getByName("255.0.0.0")))
        == aton(InetAddress.getByName("160.0.0.0"))

If you just want to determine if an address is "loopback" or
"multicast", you should probably use InetAddress.isLoopbackAddress()
and InetAddress.isMulticastAddress() instead.
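
The mask-and-compare check from the reply above, generalized to any prefix length, as an added example that is not part of the original thread. The class name CidrAllowlist and the 128.1.0.0/16 block are constructed for illustration; 160.0.0.0/8 corresponds to the 255.0.0.0 mask used in the reply. Unlike a function that returns 0 for null or IPv6 input, this version denies such addresses outright.

```java
import java.net.Inet4Address;
import java.net.InetAddress;
import java.util.ArrayList;
import java.util.List;

/** Added example: IPv4 CIDR allowlist using mask-and-compare; anything unmatched is denied. */
public class CidrAllowlist {
    private final List<int[]> rules = new ArrayList<>(); // each entry: {network, mask}
    /** Adds a rule such as "160.0.0.0/8". */
    public void allow(String cidr) {
        String[] parts = cidr.split("/", -1);
        if (parts.length != 2) throw new IllegalArgumentException("expected a.b.c.d/len: " + cidr);
        int prefix = Integer.parseInt(parts[1]);
        if (prefix < 0 || prefix > 32) throw new IllegalArgumentException("bad prefix: " + cidr);
        // Java uses only the low 5 bits of an int shift count, so -1 << 32 is -1, not 0.
        int mask = (prefix == 0) ? 0 : (-1 << (32 - prefix));
        rules.add(new int[] { parseQuad(parts[0]) & mask, mask });
    }

    /** True only for an IPv4 address inside an allowed block; null and IPv6 are denied. */
    public boolean isAllowed(InetAddress remote) {
        if (!(remote instanceof Inet4Address)) return false; // fail closed
        byte[] a = remote.getAddress();
        int addr = ((a[0] & 0xFF) << 24) | ((a[1] & 0xFF) << 16) | ((a[2] & 0xFF) << 8) | (a[3] & 0xFF);
        for (int[] r : rules) if ((addr & r[1]) == r[0]) return true;
        return false;
    }

    /** Parses a dotted quad without touching DNS. */
    private static int parseQuad(String s) {
        String[] octets = s.split("\\.", -1);
        if (octets.length != 4) throw new IllegalArgumentException("bad IPv4 address: " + s);
        int n = 0;
        for (String o : octets) {
            int v = Integer.parseInt(o);
            if (v < 0 || v > 255) throw new IllegalArgumentException("bad octet: " + s);
            n = (n << 8) | v;
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        CidrAllowlist acl = new CidrAllowlist();
        acl.allow("128.1.0.0/16"); // constructed sample block, not from the thread
        acl.allow("160.0.0.0/8");  // same test as mask 255.0.0.0 against 160.0.0.0
        for (String ip : new String[] { "128.1.200.7", "128.2.0.1", "160.77.3.4", "::1" })
            System.out.println(ip + " -> " + acl.isAllowed(InetAddress.getByName(ip)));
    }
}
```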
 
Brandon McCombs

puzzlecracker said:
Let's say I only allow IPs in the 128.X.X.X/16 and 160.X.0.0 blocks to
access my webserver. How to restrict it..... what API and strategy to
be used?

I am thinking of putting InetAddresses to HashMap of 128.X.X.0
-128.X.X.255.255 into hashmap and then see if it is there. Similarly
for 160*

thanks

Why aren't you implementing that type of filter on the network itself
instead of in the application? IP filtering is the job of the network
or at least of software meant to manage that type of thing.
 
Greg R. Broderick

Let's say I only allow IPs in the 128.X.X.X/16 and 160.X.0.0 blocks to
access my webserver. How to restrict it..... what API and strategy to
be used?

Far easier to use something like iptables to accomplish this. I'm sure that
the Apache webserver also has some way to permit/deny connections from
specified hosts, but am not an Apache expert.

Why reinvent the wheel?

Cheers
GRB

--
---------------------------------------------------------------------
Greg R. Broderick (e-mail address removed)

A. Top posters.
Q. What is the most annoying thing on Usenet?
---------------------------------------------------------------------
 
