

# Jamf Pro IP addresses code
In some Jamf environments the Tomcat webapp might need to be hosted on a single machine that is both accessible from inside an organization as well as externally on the public internet.

But what if you don’t want the Jamf admin console visible to the external world but still want to allow your clients to check in, enroll, or access the API? If you were in a clustered environment you could easily change the Limited Access settings for your externally facing webapp to something other than “Full Access”, but this isn’t possible on a single server setup.

At our org I found myself in this situation with a development Jamf server that I wanted to be available both internally and externally but only use one server in AWS to keep costs reasonable. The server would be behind an AWS load balancer which would handle HTTPS termination and limit exposure to the outside world. I decided the most obvious way to determine an internal machine vs an external one would be based on IP address.

So, is it possible to filter connections to Tomcat based on IP? It is! To accomplish this we need to use a Tomcat filter.

Two caveats: This has only been run in production with Jamf Pro 9.x though it seems to work fine with version 10.x with some slight modifications which I’ll note below. Also these modifications can be overwritten during Jamf Pro updates so you will need to reapply them each time.

Tomcat provides many filtering options but the one we want is “Remote Address Filter” which according to the documentation:

“allows you to compare the IP address of the client that submitted this request against one or more regular expressions, and either allow the request to continue or refuse to process the request from this client.”

For this to work we need a regular expression that will match any IPs in the standard private IP ranges of:

I wrote this simple regex that should capture all those IP addresses.

Next we need to pair the regex with a Tomcat filter that is set to accept connections from IPs that are matched:

You’ll then need to insert that xml into the webapp’s web.xml file (including after every upgrade) at /usr/local/jss/tomcat/webapps/ROOT/WEB-INF/web.xml

Stop Tomcat and place the filter xml code in the file.
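
An added example (not code from the original post): a Python check that compares a candidate `allow` regex for Tomcat's Remote Address Filter against the RFC 1918 private ranges at their boundary addresses, then renders the filter fragment for `web.xml`. The regex, the function names and the `url-pattern` placeholder are assumptions made for this example; the post's own regex and XML are not reproduced here.

```python
import ipaddress
import re
from xml.sax.saxutils import escape

# RFC 1918 ranges, used as ground truth for checking any candidate regex.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed candidate pattern (assumption, not the post's regex).
OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
ALLOW = (rf"10(?:\.{OCTET}){{3}}"
         rf"|172\.(?:1[6-9]|2\d|3[01])(?:\.{OCTET}){{2}}"
         rf"|192\.168(?:\.{OCTET}){{2}}")
# A looser pattern of the kind that is easy to write by hand.
LOOSE = r"10\..*|172\..*|192\.168\..*"

def regex_allows(addr, pattern=ALLOW):
    # RemoteAddrFilter requires the whole address to match, hence fullmatch.
    return re.fullmatch(pattern, addr) is not None

def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

def boundary_addresses():
    """First and last address of each range, plus the neighbours just outside."""
    return [str(ip) for net in PRIVATE_NETS
            for ip in (net[0] - 1, net[0], net[-1], net[-1] + 1)]

def mismatches(pattern=ALLOW, extra=("110.0.0.1", "172.160.0.1")):
    """Addresses where the regex and the ipaddress module disagree."""
    return [a for a in (*boundary_addresses(), *extra)
            if regex_allows(a, pattern) != is_private(a)]

def filter_xml(url_pattern, pattern=ALLOW):
    """Render the web.xml fragment; url_pattern is site-specific."""
    return f"""<filter>
  <filter-name>Remote Address Filter</filter-name>
  <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
  <init-param><param-name>allow</param-name>
    <param-value>{escape(pattern)}</param-value></init-param>
</filter>
<filter-mapping>
  <filter-name>Remote Address Filter</filter-name>
  <url-pattern>{escape(url_pattern)}</url-pattern>
</filter-mapping>"""

if __name__ == "__main__":
    print("strict:", mismatches(), "loose:", mismatches(LOOSE))
    print(filter_xml("/PLACEHOLDER-ADMIN-PATH/*"))  # placeholder path
```

The Remote Address Filter matches the peer address Tomcat sees, so behind a load balancer confirm that Tomcat is receiving the real client address (for example through `RemoteIpValve` reading `X-Forwarded-For`) before relying on the filter.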
