how to restrict access to certain ip ranges

Discussion in 'Java' started by puzzlecracker, Nov 11, 2006.

  1. Let's say, I only allow ips in 128.X.X.X/16 and 160.X.0.0. blocks to
    access my webserver. How to restrict it..... what api and stratagy to
    be used?

    I am thinking of putting InetAddres's to HashMap of 128.X.X.0
    -128.X.X.255.255 into hashmap and then see if it is there. similarly
    for 160*

    thanks
     
    puzzlecracker, Nov 11, 2006
    #1
    1. Advertising

  2. puzzlecracker

    Guest

    puzzlecracker ha escrito:
    > Let's say, I only allow ips in 128.X.X.X/16 and 160.X.0.0. blocks to
    > access my webserver. How to restrict it..... what api and stratagy to
    > be used?


    First of all, you may find the following static function useful:

    public static int aton(InetAddress ia) {
    if (ia==null) return 0;
    if (ia instanceof Inet4Address) {
    byte[] a = ia.getAddress();
    return ((a[0]<<24)
    + ((a[1]&0xFF)<<16)
    + ((a[2]&0xFF)<<8)
    + (a[3]&0xFF) );
    } else {
    /* (it's an IPv6 address...return '0' or throw an error or
    whatever) */
    }}

    Given that function, you could check for such conditions with
    expressions like

    ( ntoa(socket.getSocketAddress().getAddress())
    & ntoa(new Inet4Address("255.0.0.0") ) == new
    Inet4Address("160.0.0.0")

    If you just want to determine if an address is "loopback" or
    "multicast", you should probably use InetAddress.isLoopbackAddress()
    and InetAddress.isMulticastAddress() instead.

    --
    DLL
     
    , Nov 11, 2006
    #2
    1. Advertising

  3. puzzlecracker wrote:
    > Let's say, I only allow ips in 128.X.X.X/16 and 160.X.0.0. blocks to
    > access my webserver. How to restrict it..... what api and stratagy to
    > be used?
    >
    > I am thinking of putting InetAddres's to HashMap of 128.X.X.0
    > -128.X.X.255.255 into hashmap and then see if it is there. similarly
    > for 160*
    >
    > thanks
    >


    why aren't you implementing that type filter on the network itself
    instead of in the application? IP filtering is the job of the network
    or at least of software meant to manage that type of thing.
     
    Brandon McCombs, Nov 12, 2006
    #3
  4. "puzzlecracker" <> wrote in
    news::

    > Let's say, I only allow ips in 128.X.X.X/16 and 160.X.0.0. blocks to
    > access my webserver. How to restrict it..... what api and stratagy to
    > be used?


    Far easier to use something like iptables to accomplish this. I'm sure that
    the apache webserver also has some way to permit/deny connections from
    specified hosts, but am not an apache expert.

    Why reinvent the wheel?

    Cheers
    GRB

    --
    ---------------------------------------------------------------------
    Greg R. Broderick

    A. Top posters.
    Q. What is the most annoying thing on Usenet?
    ---------------------------------------------------------------------
     
    Greg R. Broderick, Nov 12, 2006
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Anan
    Replies:
    8
    Views:
    15,918
    John C. Bollinger
    Dec 8, 2004
  2. Replies:
    0
    Views:
    679
  3. Michael Onfrek
    Replies:
    7
    Views:
    451
    Michael Onfrek
    Jun 2, 2005
  4. Joshua Mostafa
    Replies:
    4
    Views:
    2,338
    Joshua Mostafa
    May 11, 2007
  5. Athen
    Replies:
    2
    Views:
    216
    Athen
    Aug 11, 2004
Loading...

Share This Page