Manualshelf

NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator's Guide

ManualsBrandsHP ManualsServerHP Integrity NonStop J-Series
381382383384385386387388389390
Security Considerations
NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator’s Guide—596210-006
8-33
Validating the Sender
Validating the Sender
While NSJSP uses the user’s credentials to authenticate and authorize a user, it also
provides valve elements to validate the origin of a client request before the request is
serviced. The valve element allows or denies requests originating from certain client’s
hosts based on the client’s host name or IP address.
A valve element represents a component that will be inserted into the request
processing pipeline for the associated Catalina container (Engine, Host, or
Context).
The iTP Secure WebServer also provides features to either deny or allow access to
resources. For more information, see the Region directive, and the DenyHost and
AllowHost commands for the Region directive in the iTP Secure Webserver System
Administrator’s Guide.
The following sections discuss the two valves that are available with NSJSP to restrict
access based on the client’s host name and IP address:
Remote Host Filter
Remote Address Filter
Remote Host Filter
The Remote Host Filter valve compares the hostname of the host that sent the request
against one or more regular expressions, and either allows the request to continue or
refuses to process the request from that host. The syntax for the regular expressions is
specified in the java.util.regex class. For more information on this class, see
http://java.sun.com/javase/6/docs/api/java/util/regex/Pattern.html.
You can associate a Remote Host Filter valve with any Catalina container (Engine,
Host, or Context). The Remote Host Filter must accept any request presented to the
associated container for processing before passing on the request.
Table 8-9 lists the attributes that can be used to configure a Remote Host Filter valve.
Note. Even though NSJSP provides the capability to allow or deny requests originating from
certain client hosts, HP recommends that you configure such criteria in the iTP Secure
WebServer rather than in NSJSP.