com.caucho.rewrite
Class IfNetwork

java.lang.Object
  extended by com.caucho.rewrite.IfNetwork
All Implemented Interfaces:
RequestPredicate

@Configurable
public class IfNetwork
extends java.lang.Object
implements RequestPredicate

Match if the remote IP address matches one of the pattern networks. Standard IP network syntax is allowed, so 192.168/16 matches the entire subnetwork.

 <resin:Allow url-pattern="/admin/*"
                xmlns:resin="urn:java:com.caucho.resin">
   <resin:IfNetwork value="192.168.17.0/24"/>
 </resin:Allow>
 
 
 <resin:Forbidden
         xmlns:resin="urn:java:com.caucho.resin">
   <resin:IfNetwork>
     <value>205.11.12.3</value>
     <value>123.4.45.6</value>
     <value>233.15.25.35</value>
     <value>233.14.87.12</value>
   </resin:IfNetwork>
 </resin:Forbidden>
 

RequestPredicates may be used for both security and rewrite conditions.


Constructor Summary
IfNetwork()
           
 
Method Summary
 void addValue(java.lang.String network)
          Add an ip network to allow.
 int getCacheSize()
          Size of the cache used to hold whether or not to allow a certain IP address.
 void init()
           
 boolean isMatch(HttpServletRequest request)
          True if the predicate matches.
 void setCacheSize(int cacheSize)
          Size of the cache used to hold whether or not to allow a certain IP address, default is 256.
 java.lang.String toString()
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

IfNetwork

public IfNetwork()
Method Detail

setCacheSize

@Configurable
public void setCacheSize(int cacheSize)
Size of the cache used to hold whether or not to allow a certain IP address, default is 256. The first time a request is received from an ip, the allow and deny rules are checked to determine if the ip is allowed. The result of this check is cached in a an LRU cache. Subsequent requests can do a cache lookup based on the ip instead of checking the rules. This is especially important if there are a large number of allow and/or deny rules, and to protect against denial of service attacks.


getCacheSize

public int getCacheSize()
Size of the cache used to hold whether or not to allow a certain IP address.


addValue

@Configurable
public void addValue(java.lang.String network)
              throws java.net.UnknownHostException
Add an ip network to allow. If allow is never used, (only deny is used), then all are allowed except those in deny.

Throws:
java.net.UnknownHostException

init

@PostConstruct
public void init()
          throws ConfigException
Throws:
ConfigException

isMatch

public boolean isMatch(HttpServletRequest request)
True if the predicate matches.

Specified by:
isMatch in interface RequestPredicate
Parameters:
request - the servlet request to test

toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Object