We are using Virtual machine to connect our dev servers. By connecting to the VDI, we are working inside a secure firewall. In Development we have a property file where we specify the URLs to post XMLs to development server for unittesting. By using an bat file we post XMLs to a particular environment. Interestingly through the above approach we can process XML even to production by specifying the necessary URL, Currently I got a requirement to block posting an XML through the above said approach. I need your idea to block the xml when it is posted to a certain URL even if the same url comes inside the firewall. Is there any possibility to handle in the java code for blocing a specific URL.
Do you mean block a URL, or block a request? To block a URL just don't list it in your bat file .
I think what you want is to block requests. In the production server you do not want to accept or process requests coming in from your dev environment. You can do that in your app server or servlets by blocking ip addresses. Alternately, you can require a parameter in your request which indicates where the request is coming from. For the outside world, this would always be set to something like "production", but in your dev requests, it would be set to "dev".
Joined: Jun 02, 2010
We have a simple servlet through which we post our xml to do unit testing in dev server. similarly in the config file instead of dev sever url say for eg: http://DevServer:11080/Submissoninterface if am replacing it with production server and the corresponding port number I can post an xml directly to the production server. Ideally the production server should process only the xmls which comes in from the valid user system. Any xmls which are processed from outside should be blocked.
Could you please elaborate how to block ip addresses in servlets or app server ?
Joined: Mar 24, 2005
Yes, so you don't want to block URLs, you want to block requests in production.
You have to make your servlet aware of whether it is being ran in production or in dev, qa, etc. You can do this via a property (properties file, system property, etc.). In production, the property gets set to "production" and in dev to "dev", etc. Once your servlet is aware of its environment, you call request.getRemoteAddr() to get the ip address. You need a list of addresses or blocks for which you do not want to process requests in production (you can also inject this as some property). If the environment is "production" and the request comes from one of the ip addresses in the blacklist you don't process it. Voila!
You don;t have a load balancer?. Generally you can block certain URL patterns at the load balancer. Not need to write java code
Joined: Mar 24, 2005
The load balancer solution will not work. According to the first description, their dev machines have direct access to the production servers - they are able to post requests from the dev machines to the production servers. This means they can bypass the load balancer and post directly to any of the production servers. I don't see how they can avoid making the servers or the servlets themselves capable of blocking unwanted requests. I suppose if you want to avoid writing code, this blocking can also be done at the app server level, where they can specify a list of blocked IPs, but it depends on the server vendor and what kind of support for this capability it provides.