B4J Question b4j server localhost filter

[billzhan]

Hi,

I want to make a b4j server can only be accessed by localhost, the current plan is to use a filter thread for all requests.

    srvr.AddFilter("/*","localhostfilter",False)


'Return True to allow the request to proceed.
Public Sub Filter(req As ServletRequest, resp As ServletResponse) As Boolean
    Dim ip As String= req.RemoteAddress
    Log(ip)
    Dim ipmap As Map
    ipmap.Initialize
    '
    ipmap.Put("localhost","")
    ipmap.Put("LOCALHOST","")
    ipmap.Put("127.0.0.1","")
    ipmap.Put("0:0:0:0:0:0:0:1","")
    ipmap.Put("::1","")
    '... other permutations
 
    If ipmap.ContainsKey(ip) Then
        Return True
    Else
        Return False
    End If
 
End Sub

Is there any other method? List all permutations is not very good ( e.g. 127.0.0.* is not included).

 

[Roycefer]

Why are you putting the possible IPs in a Map? I suspect a List will be faster. Also, why are you reconstructing the Map every time a request comes in? It will most likely be faster to do it once in AppStart and then store it as a global variable. Also, have you checked that all those permutations are possibilities? I think I've only ever seen 127.0.0.1 and 0:0:0:0:0:0:0:1 reported by req.RemoteAddress (even when navigating to 127.0.0.5 or something).

Try something along these lines in AppStart:

ipList.Add("127.0.0.")    'ipList was declared in Process_Globals
ipList.Add("localhost")
ipList.Add("0:0:0:0:0:0:0:1")
srvr.AddFilter("/*", "localhostfilter", False)

In Filter class:

Public Sub Filter(req AsServletRequest, resp AsServletResponse) As Boolean
    Dim ip As String = req.RemoteAddress.ToLowerCase
    For Each ipCandidate As String in Main.ipList
        If ip.Contains(ipCandidate) Then Return False
    Next
    Return True
End Sub

 

[billzhan]

Thanks for you suggestions @Roycefer . Don't know list is faster. I only saw these in VPS( ubuntus) networks.

ping ::1 in win7 works.

Many permutations :
http://stackoverflow.com/questions/8426171/what-regex-will-match-all-loopback-addresses

I mean to find a reliable way, or just let the user to add manually

 

[Roycefer]

That Regex in the first Stack Overflow answer seems pretty neat. Why not try that one?

 

[billzhan]

I tried already, and plan to use a whitelist (with permutations and Regex strings) set by user.

 

[Daestrum]

Or use this

...
Dim jo As JavaObject = req
If jo.RunMethod("getLocalAddr",Null) <> req.RemoteAddress Then 
    Log("not from this machine") 
Else 
   Log("from local machine")
End If
...

 

[Roycefer]

I don't think that will work. req.getLocalAddr() returns the IP address of the machine on the local network. "127.0.0.1" (or any of the other aliases) won't match with it.