Security - Filtered By Users by IP Address

[czillman]

Hello -

I have deployed this server on our corporate network. Another department has automated a "hacking system" that periodically "hacks" all the servers on the network. When it hacks awareim some sort of error is caused and all logins fail until the server is stopped and started.

I know where the attack is originating and I would like to filter access to the system by source ip address.

Can the Tomcat server do this?

Cheers, Charles

[aware_support]

Hi Charles,

please check out this http://apdrc.soest.hawaii.edu/thredds/d ... atFAQ.html
(we haven't verified if what they are writing is true).

You can also read about Tomcat security features here:
http://tomcat.apache.org/faq/security.html

By the way, Aware IM stores the IP address of the user in the LoginNotification

[czillman]

The first link went bad.

I can't make heads or tails out of the second link other than I think this is the text I need to enter to block 171.71.180.208 from all accessing anything through tomcat...

<Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="171\.71\.180\.208" />

Now where should I stick it to block all access to anything served from tomcat?

What file do I edit and what tool do I use to edit the file?

Cheers, Charles

[aware_support]

You need to edit the file server.xml located in the AwareIM/Tomcat/conf directory.

Search for the following line in this file:
<Engine name="Catalina" defaultHost="localhost" debug="0">

You can now insert something like this after this line:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="18.83.0.150" />

[aware_support]

You also need to restart Aware IM after this change.

[tford]

Charles,

In addition, you could put events into LoginNotification + LoginAttemptNotification that sends you an email if a certain IP address either attempts a login or successfully logs in. That may be overkill, but is an option.

Tom