how to restrict access to certain ip ranges

P

puzzlecracker

Let's say, I only allow ips in 128.X.X.X/16 and 160.X.0.0. blocks to
access my webserver. How to restrict it..... what api and stratagy to
be used?

I am thinking of putting InetAddres's to HashMap of 128.X.X.0
-128.X.X.255.255 into hashmap and then see if it is there. similarly
for 160*

thanks
 
A

as4109

puzzlecracker ha escrito:
Let's say, I only allow ips in 128.X.X.X/16 and 160.X.0.0. blocks to
access my webserver. How to restrict it..... what api and stratagy to
be used?

First of all, you may find the following static function useful:

public static int aton(InetAddress ia) {
if (ia==null) return 0;
if (ia instanceof Inet4Address) {
byte[] a = ia.getAddress();
return ((a[0]<<24)
+ ((a[1]&0xFF)<<16)
+ ((a[2]&0xFF)<<8)
+ (a[3]&0xFF) );
} else {
/* (it's an IPv6 address...return '0' or throw an error or
whatever) */
}}

Given that function, you could check for such conditions with
expressions like

( ntoa(socket.getSocketAddress().getAddress())
& ntoa(new Inet4Address("255.0.0.0") ) == new
Inet4Address("160.0.0.0")

If you just want to determine if an address is "loopback" or
"multicast", you should probably use InetAddress.isLoopbackAddress()
and InetAddress.isMulticastAddress() instead.
 
B

Brandon McCombs

puzzlecracker said:
Let's say, I only allow ips in 128.X.X.X/16 and 160.X.0.0. blocks to
access my webserver. How to restrict it..... what api and stratagy to
be used?

I am thinking of putting InetAddres's to HashMap of 128.X.X.0
-128.X.X.255.255 into hashmap and then see if it is there. similarly
for 160*

thanks

why aren't you implementing that type filter on the network itself
instead of in the application? IP filtering is the job of the network
or at least of software meant to manage that type of thing.
 
G

Greg R. Broderick

Let's say, I only allow ips in 128.X.X.X/16 and 160.X.0.0. blocks to
access my webserver. How to restrict it..... what api and stratagy to
be used?

Far easier to use something like iptables to accomplish this. I'm sure that
the apache webserver also has some way to permit/deny connections from
specified hosts, but am not an apache expert.

Why reinvent the wheel?

Cheers
GRB

--
---------------------------------------------------------------------
Greg R. Broderick (e-mail address removed)

A. Top posters.
Q. What is the most annoying thing on Usenet?
---------------------------------------------------------------------
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top