• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

IP Address Simulation

 
kamal kumar sharma
Greenhorn
Posts: 9
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,

I am facing an issue which i have explained below.

I am working on an application,which interact with any external application as below.

External application ------> Apache1 ----------> JOnAS Server(On which application is running)


In application level we have managed a IP Filtering code ,to verify the request is coming from Apache1 for security reason.

Now we have to migrate the application request flow as per our client demand into new structure below.

External application ------> Apache1 ---------->Apache2 --------> JOnAS Server(On which application is running)


Here the basic flow is any external application request to the Apache1 then it forward to Apache2 which further redirect to JONAS. Now our IP filtering in code level fails as it does not get the request from Apache1 now but from Apache2. I just want to know is it possible to rediect the request as per above structure without modifying the code level filter.
I mean
How do i validate whether the request is coming from Apache1?.
Is there any Apache level filtering or URL rewriting possible?

Thanks for your help.


Regards,
kamal
 
Jaikiran Pai
Marshal
Pie
Posts: 10444
227
IntelliJ IDE Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It all depends on how you have implemented that filter and what attributes of the request it looks for and also how those Apache servers are configured to redirect the requests.
 
kamal kumar sharma
Greenhorn
Posts: 9
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I have resolved the previous problem by using "X-Forwarded-For" header in request object.

but i am facing a new issue now.

The call response.sendRedirect() is setting session attribute to null when request is forwarding between Client---> Apache1-->Apache2--->JOnAS. However it works when request flow is Client-->Apache1--->JOnAS.

Thanks for your analysis and help.

Regards,
kamal





 
paul nisset
Ranch Hand
Posts: 219
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Hi,



Probably because the session is limited to server is is set on .
You need a application server that both servers can check the session on.

It looks like apache1 is being used as a firewall so I'm not sure why it would need access to the session .

-Paul

 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic