How to block IPs in Apache Tomcat?
May 21, 2005 12:31 PM   Subscribe

Recently a wiki that I host has been defaced pretty badly by some Asian group. I'd like to block an ip address or a range of addresses from my web server. I'm running Jakarta Tomcat on a Windows XP Pro box but Google hasn't been able to tell me how to do this.
posted by furtive to Computers & Internet (7 answers total)
I haven't used Tomcat, but if it's Apache underneath all that, you want to use the features in mod_access, documented here.

At the most basic level, something like
<Location /wiki>   Order deny,allow       # Allow, unless matched by a deny line   Deny from  # or "" or even "10.5.9"</Location>
ought to do it. That can also go in an existing Location or Directory block. Again, I'm not sure if there is something Tomcat-ish that will interfere with that, but I would be surprised if that's the case.

Replace "/wiki" with the URL path you're interested in blocking, or "/" for the whole shebang. Use a Directory block instead of a Location block if you want to indicate a path on the filesystem instead of in a URL. (You could also just have the Order/Deny directives outside of any Directory or Location block if you wanted them server-wide.
posted by mendel at 1:12 PM on May 21, 2005

Best answer: Ah, I figured it out. There is a Valve called Remote Address Filter which permits you to block IPs using regexp. A sample below:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="61\.145\.233\.118" />

posted by furtive at 1:24 PM on May 21, 2005

Response by poster: Hmm, can't mark my own comment as a best answer.
posted by furtive at 1:25 PM on May 21, 2005

If the group is halfway resourceful they'll find a proxy server to get around the IP block, so you should think ahead to what happens if they return. I'd plan on better security (logins?) or a moderator team; anything to increase the work for them and diminish the rewards.
posted by rolypolyman at 2:43 PM on May 21, 2005

Response by poster: rolypolyman I completely agree. I"m using JSP Wiki and a newer version does have the ability to limit permissions of those who can change pages, however I currently don't have the time to upgrade it. I'm pretty sure that whatever defaced my site did so in an automated way, and because they are in asia and not other traffic seems to come from there I don't mind blocking a range of IPs as a quick fix for now. The site will probably migrate to a blog format anyways and the wiki content will become static pages.
posted by furtive at 4:44 PM on May 21, 2005

those asians are so cunning. they might even be asians living in other countries and going through asia only because they happen to own a box there, just to confuse you in an asian kind of way. from asia.
posted by andrew cooke at 8:49 PM on May 21, 2005

Response by poster: That's very clever of you Andrew. The URLs that were spammed on the wiki all pointed to a specific site that was Asian, and the traceroute hops over the pacific. Is it a plot to convince me that I should block all traffic from China? I doubt it. Are you being an arse in AskMefi? I'm pretty sure of it.
posted by furtive at 9:21 PM on May 22, 2005

« Older iTunes 4.8 visualizer   |   Origins of naming our offspring. Newer »
This thread is closed to new comments.