• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Give access to files only if the request comes from localhost

 
Andrei Antonescu
Ranch Hand
Posts: 75
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello all,

I have a picture x.jpg on a Tomcat webserver. I want to show the picture in my webapp. Let's say that the picture url is: http://www.x.com/pic.jpg. I want to be able
to show the picture in my webapp, but If I enter http://www.x.com/pic.jpg in the url of my browser, then the picture must not be visible.

So tomcat must allow the requests for http://www.x.com/pic.jpg to come only from localhost (from my webapp).

Is that even possible?

Thanks in advance
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The Remote Address Filter and/or the Remote Host Filter should be able to do this, assuming that you want to restrict access to ALL of Tomcat: http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote_Address_Filter

If it's just certain images, then you can serve those through a servlet that checks the remote address/host.
 
leo donahue
Ranch Hand
Posts: 327
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The remote address filter valve can be located in a Context and that context can be in /META-INF/context.xml. this would restrict access to a specific webapp.
 
Andrei Antonescu
Ranch Hand
Posts: 75
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks guys.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic