How do I secure access from a given subnet only?
2009-04-09Very often, you will want to make sure that the QueueMetrics application is accessible only
from a given subnet. Even if QueueMetrics has its own security mechanism built-in, denying
access to all clients that have no right to access QM will surely improve security.
In order to do so, you just edit the file: /usr/local/queuemetrics/tomcat/conf/Catalina/localhost/queuemetrics.xml so that it looks like the following one.
Please note that the queuemetrics.xml file is rebuilt upon automatic update, so you will have to edit it after running "yum update".
In order to do so, you just edit the file: /usr/local/queuemetrics/tomcat/conf/Catalina/localhost/queuemetrics.xml so that it looks like the following one.
<Context docBase="/usr/local/queuemetrics/webapps/queuemetrics-1.5.1"
path="/queuemetrics">
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1"/>
</Context>
You could use the following format for the address instead of 127.0.0.1:
- allow="1.2.3.4, 1.2.3.5, 1.2.3.7" to specify multiple IP addresses, or
- allow="128.117.140.*" to specify a full class.
Please note that the queuemetrics.xml file is rebuilt upon automatic update, so you will have to edit it after running "yum update".