IP Filter Example

The filter provides a basic security mechanism for a firewall to determining what traffic passes through the firewall based on IP address details. This protects the secure network from outsiders. A filter is an object that perform filtering tasks on request and response. A FilterConfig object used by a servlet container used to pass information to a filter during initialization. Filters are registered in web.xml (deployment descriptor) of a web application.
The most easiest and effective way of minimize the risk from out side attacks is to filter incoming requests based on the IP address of the client. For example, if you have two web addresses that make requests using 192.168.10.146 and 127.0.0.1 and wish to restrict the servlet requests only from 127.0.0.1 then following program will help you.

Here is the Source Code of IPFilterExample.java


import java.io.*;

import java.util.*;

import javax.servlet.*;

import java.io.IOException;

import java.util.StringTokenizer;



import javax.servlet.Filter;

import javax.servlet.FilterChain;

import javax.servlet.FilterConfig;

import javax.servlet.ServletException;

import javax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import javax.servlet.http.HttpServletResponse;



public class IPFilterExample implements Filter{

  public IPFilterExample() {}

  public final static String IP = "193.168.10.146";

  private FilterConfig filterConfig;

  

  public void init(FilterConfig config) throws ServletException{

  this.filterConfig = config;

  }

  public void doFilter(ServletRequest request, ServletResponse response,

  FilterChain filterchain) throws IOException, ServletException {

  response.setContentType("text/html");

  PrintWriter out = response.getWriter();

  out.println("<html><head><title>IP Filter Example</title></head>");

  String userip = request.getRemoteAddr();

  HttpServletResponse httpResponse = null;

  if (response instanceof HttpServletResponse){

  httpResponse = (HttpServletResponse) response;

  }

  if (IP.equals(userip)) {

  httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN,"You are 

  not allowed to access the servlet!");  

  } else {

  filterchain.doFilter(request, response);

  out.println("<body><h3><font color='green'>Passed successfully

    from IP Filter<font></h3></body></html>");

  }

  }

  public void destroy() {}

}

Here is the source code of CallIpFilter Servlet.


import java.io.*;

import javax.servlet.*;

import javax.servlet.http.*;



public class CallIpFilter extends HttpServlet{ 

  public void doGet(HttpServletRequest request, HttpServletResponse 

   response)

  throws ServletException,IOException{

  response.setContentType("text/html");

  PrintWriter pw = response.getWriter();

  pw.println("<html>");

  pw.println("<head><title>IP Filter Example</title></title>");

  pw.println("<body>");

  pw.println("<h1>Welcome, calling servlet successful</h1>");

  pw.println("</body></html>");

  }

}

Mapping of Filter (IPFilterExample) and Servlet (CallIpFilter) in web.xml

<filter>
<filter-name>IPFilterExample</filter-name>
<filter-class>IPFilterExample</filter-class>
</filter>
<filter-mapping>
<filter-name>IPFilterExample</filter-name>
<url-pattern>/CallIpFilter</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>CallIpFilter</servlet-name>
<servlet-class>CallIpFilter</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>CallIpFilter</servlet-name>
<url-pattern>/CallIpFilter</url-pattern>
</servlet-mapping>

Running the servlet by this url: http://localhost:8080/ServletExample/CallIpFilter from IP 193.168.10.146. The message will display as below:

But when, user access from IP address 127.0.0.1 then he could not access the servlet (CallIpFilter) because IP Filter does not allow to access for this IP address and status report will display as below:

Download Source Code

IP Filter Example

IP Filter Example

Spring Framework Training

R Programming Training

IP Filter Example