验证请求源是来自Internet还是Intranet [英] Verifying if request source comes from Internet or Intranet

问题描述

我有在Internet上运行的应用程序，它也包含一些管理模块。我不想让用户在Internet上访问我的管理模块。我希望来自内部网的请求可以访问管理模块。有没有办法控制这个没有开发一个为管理组件提供服务的新应用程序？

解决方案

如果你使用的是servlet，你可以添加过滤器并分析客户端IP地址（请参阅这个问题）。

请注意，无法保证您将以任何方式确定正确的地址。

更好方法是将此方法与某种身份验证（用户/密码，客户端证书等）相结合。

如果可能，单独的应用程序也会更好。这样，您可以简化部署过程（在不同端口中运行的应用程序等）并使其更容易扩展，因为您的管理和常规应用程序负载，安全性，可用性等很可能具有不同的要求。 / p>

I have application running on Internet which contains some admin module also. I don't want to let the user access my admin module on Internet. I want that request coming from intranet can access admin module. Is there any way to control this without developing a new application which serves admin component?

解决方案

If you are using servlets, you could add a filter and analyze the client IP address (see this question).
Be aware that there is no guarantee you will determine the correct address by any means.
A better approach would be combining this approach with some sort of authentication (user/password, client certificate, etc).

If possible, a separate application would also be better. This way you can simplify your deployment process (application running in a different port, etc) and make it easier to scale, since it is very likely that your administration and your regular application load, security, availability, etc, have different requirements.

这篇关于验证请求源是来自Internet还是Intranet的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！