Meaningless Drivel is fun!*
The moose likes Tomcat and the fly likes Give access to files only if the request comes from localhost Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Give access to files only if the request comes from localhost" Watch "Give access to files only if the request comes from localhost" New topic
Author

Give access to files only if the request comes from localhost

Andrei Antonescu
Ranch Hand

Joined: Jul 08, 2010
Posts: 75
Hello all,

I have a picture x.jpg on a Tomcat webserver. I want to show the picture in my webapp. Let's say that the picture url is: http://www.x.com/pic.jpg. I want to be able
to show the picture in my webapp, but If I enter http://www.x.com/pic.jpg in the url of my browser, then the picture must not be visible.

So tomcat must allow the requests for http://www.x.com/pic.jpg to come only from localhost (from my webapp).

Is that even possible?

Thanks in advance
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39576
    
  27
The Remote Address Filter and/or the Remote Host Filter should be able to do this, assuming that you want to restrict access to ALL of Tomcat: http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote_Address_Filter

If it's just certain images, then you can serve those through a servlet that checks the remote address/host.


Ping & DNS - updated with new look and Ping home screen widget
leo donahue
Ranch Hand

Joined: Apr 17, 2003
Posts: 327
The remote address filter valve can be located in a Context and that context can be in /META-INF/context.xml. this would restrict access to a specific webapp.


Thanks, leo
Andrei Antonescu
Ranch Hand

Joined: Jul 08, 2010
Posts: 75
Thanks guys.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Give access to files only if the request comes from localhost
 
Similar Threads
no. of hits in a web page
Project Directory not browse in my site.
Figure 1-4 on SCJP Book incomplete resp. redundant
root directory of a web app
How to change application url by meaningfull name?