How do I secure access from a given subnet only?

2009-04-09
Very often, you will want to make sure that the QueueMetrics application is accessible only from a given subnet. Although QueueMetrics has its own built-in security mechanism, denying access to all clients that have no right to reach QM adds a further layer of protection.

To do so, edit the file /usr/local/queuemetrics/tomcat/conf/Catalina/localhost/queuemetrics.xml so that it looks like the following:


<Context docBase="/usr/local/queuemetrics/webapps/queuemetrics-1.5.1"
path="/queuemetrics">

<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1"/>

</Context>
You can use the following formats for the allow attribute instead of 127.0.0.1:
  • allow="1.2.3.4, 1.2.3.5, 1.2.3.7" to specify multiple IP addresses, or
  • allow="128.117.140.*" to specify a full class (here, every address beginning with 128.117.140.).
If all goes well, when you restart QueueMetrics and try to access it from a forbidden IP address, you get the message "Access to the specified resource has been forbidden."
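
Tomcat's RemoteAddrValve treats each allow entry as a regular expression that must match the whole client address, so an unescaped dot matches any character and a prefix such as "192.168.1.*" admits more than one subnet. The following check is an added example, not part of the original FAQ or of QueueMetrics: it compares an allow value with the networks you intend to admit. It assumes Python's re.fullmatch behaves like Tomcat's Java regex matching for these simple patterns; the function names and the 192.168.x.x values are constructed for illustration.

```python
import ipaddress
import re

def parse_allow(allow):
    """Split an allow="..." value on commas (the list format shown on this page)."""
    return [re.compile(p.strip()) for p in allow.split(",") if p.strip()]

def is_allowed(patterns, addr):
    """A pattern admits an address only if it matches the entire string."""
    return any(p.fullmatch(addr) for p in patterns)

def overmatches(allow, intended, scope):
    """Addresses inside `scope` that `allow` admits although they lie outside `intended`."""
    patterns = parse_allow(allow)
    wanted = [ipaddress.ip_network(n) for n in intended]
    return [str(ip) for ip in ipaddress.ip_network(scope)
            if is_allowed(patterns, str(ip)) and not any(ip in n for n in wanted)]

def missing(allow, intended):
    """Addresses in the intended networks that `allow` would wrongly reject."""
    patterns = parse_allow(allow)
    return [str(ip) for n in intended for ip in ipaddress.ip_network(n)
            if not is_allowed(patterns, str(ip))]

def audit(allow, intended, scope):
    """Print a summary and return True only if `allow` admits exactly `intended`."""
    extra, lost = overmatches(allow, intended, scope), missing(allow, intended)
    print(f'allow="{allow}": {len(extra)} unintended, {len(lost)} wrongly rejected'
          + (f" (first unintended: {extra[0]})" if extra else ""))
    return not extra and not lost

if __name__ == "__main__":
    # The page's own range example, checked against the surrounding /16.
    audit("128.117.140.*", ["128.117.140.0/24"], "128.117.0.0/16")
    # Constructed sample: the same style of prefix also admits 192.168.10.x,
    # 192.168.100.x and so on, because "1" followed by ".*" matches "10", "100", ...
    audit("192.168.1.*", ["192.168.1.0/24"], "192.168.0.0/16")
    # Constructed sample: escaped dots and an explicit last octet admit only the /24.
    audit(r"192\.168\.1\.\d+", ["192.168.1.0/24"], "192.168.0.0/16")
```
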

Please note that the queuemetrics.xml file is rebuilt upon automatic update, so you will have to edit it again after running "yum update".