Informational Pages Access: Multiple Filters?
Answered
Hi,
We're looking to restrict access to the information pages.
We'd like to do a combination of IP access as mentioned here:
And authenticated users as mentioned here:
However when we try to add both, neither works. On their own, they do
Here is what we added (IP removed). Can you tell me what we may be doing wrong?
<filter>
<filter-name>IPFilter</filter-name>
<filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
<init-param>
<param-name>allow</param-name>
<param-value>IP ADDRESS</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>IPFilter</filter-name>
<url-pattern>/info.jsp</url-pattern>
<url-pattern>/info_browser.jsp</url-pattern>
<url-pattern>/info_cache.jsp</url-pattern>
<url-pattern>/info_threads.jsp</url-pattern>
</filter-mapping>
<filter>
<filter-name>NotLoggedInFilter</filter-name>
<filter-class>com.hof.adapter.NotLoggedInFilter</filter-class>
<init-param>
<param-name>restrictedEntryPoint</param-name>
<param-value>/info.jsp,/info_threads.jsp,/info_cache.jsp,/info_browser.jsp</param-value>
</init-param>
<init-param>
<param-name>redirectUrl</param-name>
<param-value>/?</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>NotLoggedInFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping> Thanks
Dean
The same question
Have just noticed that info_threads_enhanced.jsp is missing from both those guides by the way!
Have just noticed that info_threads_enhanced.jsp is missing from both those guides by the way!
Hi Chris,
Just to update, we managed to get it working after a little more research.
Firstly we needed to rearrange the XML.
However we still had an issue and it was due to our load balancer presenting it's IP rather than the client's. We added another bit to get around that and it all works.
Below is our filter code (ip removed naturally), in case others have the same issue. We also added info_threads_enhanced.jsp as mentioned previously
<filter> <filter-name>RemoteIpFilter</filter-name> <filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class> </filter> <filter> <filter-name>IPFilter</filter-name> <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class> <init-param> <param-name>allow</param-name> <param-value>IP ADDRESS</param-value> </init-param> </filter> <filter> <filter-name>NotLoggedInFilter</filter-name> <filter-class>com.hof.adapter.NotLoggedInFilter</filter-class> <init-param> <param-name>restrictedEntryPoint</param-name> <param-value>/info.jsp,/info_threads.jsp,/info_cache.jsp,/info_browser.jsp,/info_threads_enhanced.jsp</param-value> </init-param> <init-param> <param-name>redirectUrl</param-name> <param-value>/?</param-value> </init-param> </filter> <filter-mapping> <filter-name>RemoteIpFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> </filter-mapping> <filter-mapping> <filter-name>IPFilter</filter-name> <url-pattern>/info.jsp</url-pattern> <url-pattern>/info_browser.jsp</url-pattern> <url-pattern>/info_cache.jsp</url-pattern> <url-pattern>/info_threads.jsp</url-pattern> <url-pattern>/info_threads_enhanced.jsp</url-pattern> </filter-mapping> <filter-mapping> <filter-name>NotLoggedInFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>Thanks
Dean
Hi Chris,
Just to update, we managed to get it working after a little more research.
Firstly we needed to rearrange the XML.
However we still had an issue and it was due to our load balancer presenting it's IP rather than the client's. We added another bit to get around that and it all works.
Below is our filter code (ip removed naturally), in case others have the same issue. We also added info_threads_enhanced.jsp as mentioned previously
<filter> <filter-name>RemoteIpFilter</filter-name> <filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class> </filter> <filter> <filter-name>IPFilter</filter-name> <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class> <init-param> <param-name>allow</param-name> <param-value>IP ADDRESS</param-value> </init-param> </filter> <filter> <filter-name>NotLoggedInFilter</filter-name> <filter-class>com.hof.adapter.NotLoggedInFilter</filter-class> <init-param> <param-name>restrictedEntryPoint</param-name> <param-value>/info.jsp,/info_threads.jsp,/info_cache.jsp,/info_browser.jsp,/info_threads_enhanced.jsp</param-value> </init-param> <init-param> <param-name>redirectUrl</param-name> <param-value>/?</param-value> </init-param> </filter> <filter-mapping> <filter-name>RemoteIpFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> </filter-mapping> <filter-mapping> <filter-name>IPFilter</filter-name> <url-pattern>/info.jsp</url-pattern> <url-pattern>/info_browser.jsp</url-pattern> <url-pattern>/info_cache.jsp</url-pattern> <url-pattern>/info_threads.jsp</url-pattern> <url-pattern>/info_threads_enhanced.jsp</url-pattern> </filter-mapping> <filter-mapping> <filter-name>NotLoggedInFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>Thanks
Dean
Hi Dean,
After a bit of experimentation, I was able to get this to work. It might be the order of the filters that is preventing it on your end. Here's what I added to my web.xml:
<filter>
For me, the IP filter wouldn't work unless I also included the IPv6 address as well.Kind regards,
Chris
Hi Dean,
After a bit of experimentation, I was able to get this to work. It might be the order of the filters that is preventing it on your end. Here's what I added to my web.xml:
<filter>
For me, the IP filter wouldn't work unless I also included the IPv6 address as well.Kind regards,
Chris
Hi Dean,
I've just seen your follow up response, I'm glad you were able to get it working! And it seems you came to the same conclusion.
I might update our documentation to include this new information.
Kind regards,
Chris
Hi Dean,
I've just seen your follow up response, I'm glad you were able to get it working! And it seems you came to the same conclusion.
I might update our documentation to include this new information.
Kind regards,
Chris
Thanks Chris
I think our actual issue was the load balancer IP but we thought it was how we did it
Just a quick follow up question if you don't mind
As mentioned, info_threads_enhanced.jsp is missing from those guides. Just wondering if there is a full list of *.jsp files? Wondering if there is anything else sensitive missing
Thanks
Dean
Thanks Chris
I think our actual issue was the load balancer IP but we thought it was how we did it
Just a quick follow up question if you don't mind
As mentioned, info_threads_enhanced.jsp is missing from those guides. Just wondering if there is a full list of *.jsp files? Wondering if there is anything else sensitive missing
Thanks
Dean
Hi Dean,
I'm pretty sure the only ones that accessible by default are those listed here https://wiki.yellowfinbi.com/display/yfcurrent/Application+Server+Security#ApplicationServerSecurity-Informationalpages
I certainly haven't heard of any others.
Kind regards,
Chris
Hi Dean,
I'm pretty sure the only ones that accessible by default are those listed here https://wiki.yellowfinbi.com/display/yfcurrent/Application+Server+Security#ApplicationServerSecurity-Informationalpages
I certainly haven't heard of any others.
Kind regards,
Chris
Thanks Chris
I'll add them to our filters, just to be sure
You can close this off now
Thanks again
Dean
Thanks Chris
I'll add them to our filters, just to be sure
You can close this off now
Thanks again
Dean
No worries, Dean. Have a nice afternoon.
Kind regards,
Chris
No worries, Dean. Have a nice afternoon.
Kind regards,
Chris
Replies have been locked on this page!