I'm trying to lock down access to the admin section of my Tomcat WebApp by using a filter in the web.xml file.
<filter>
<filter-name>Remote Address Filter</filter-name>
<filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
<init-param>
<param-name>allow</param-name>
<param-value>**my ip address**</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Remote Address Filter</filter-name>
<url-pattern>/admin/*</url-pattern>
</filter-mapping>
It works just fine when I go through the port (i.e. address.com:8081/webapp/admin), however I have a ProxyPass set up to access the webapp through address.com/webapp/admin. I can't figure out how to run the filter when using the ProxyPass.
I am doing this all to have a clean URL without the port number and then whitelist access to the admin url structure for security reasons. I also don't need to worry about access through the port, because the port will be shutdown through the firewall. So I really just need to filter access through the ProxyPass to a very specific url structure (i.e. /webapp/admin/*).
So the issue was with the ProxyPass switching the IP address to local host. So you have to add extra code to the web.xml file to give access to the origin IP.
<filter>
<filter-name>RemoteIpFilter</filter-name>
<filter-class>org.apache.catalina.filters.RemoteIpFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>RemoteIpFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>