Implement web server rules in Undertow

Description

Please see full comment thread here:
https://github.com/cfmlprojects/runwar/issues/137


There are a lot of use cases for wanting to deny access to certain URL patterns and Undertow seems to have some decent support for this. Let's think of the best way to declare access control for certain paths that makes it easy to use but is still configurable. For instance, it may be easiest to simply have a list of paths that we want to deny, but it would be better if we could allow exceptions so, for instance, the CF admin would be accessible from localhost.

Here's some example use cases:

Block access to CF admins
Block access to special files such as box.json, server.json, or .cfconfig.json
Block access to all files starting with a period
Custom folders such as /tests/ or /workbench

Undertow seems to have some capability to block based on user agent, but that seems worthless since anyone can spoof that. There is also the ability to block based on IP, which seems most useful.

Here's the docs I was able to dig up:
http://undertow.io/undertow-docs/undertow-docs-2.0.0/index.html#access-control-handler
https://repository.jboss.org/nexus/content/unzip/unzip/io/undertow/undertow-core/1.0.14.Final/undertow-core-1.0.14.Final-javadoc.jar-unzip/io/undertow/server/handlers/AccessControlListHandler.html

http://undertow.io/undertow-docs/undertow-docs-2.0.0/index.html#ip-access-control-handler
https://repository.jboss.org/nexus/content/unzip/unzip/io/undertow/undertow-core/1.0.14.Final/undertow-core-1.0.14.Final-javadoc.jar-unzip/io/undertow/server/handlers/IPAddressAccessControlHandler.html

https://github.com/undertow-io/undertow-docs/blob/master/src/main/asciidoc/predicates-attributes-handlers.asciidoc
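
The use cases above (a deny list of paths plus a localhost exception for the admin), sketched with Undertow's predicate and IP access control handlers. This is an added example, not code from the ticket or from runwar; the class name, the admin paths `/CFIDE/administrator` and `/lucee/admin`, the regexes and the listener port are assumptions.

```java
import io.undertow.Handlers;
import io.undertow.Undertow;
import io.undertow.attribute.ExchangeAttributes;
import io.undertow.predicate.Predicate;
import io.undertow.predicate.Predicates;
import io.undertow.server.HttpHandler;
import io.undertow.server.handlers.IPAddressAccessControlHandler;
import io.undertow.server.handlers.ResponseCodeHandler;

public class PathRulesExample {

    // Wraps `app` (the handler that serves the site) with the deny rules.
    static HttpHandler withRules(HttpHandler app) {
        // Admin paths: default deny, loopback allowed, everyone else gets 403.
        // The IPv6 loopback is written here in full 8-group form.
        // Behind a reverse proxy on the same host every peer looks like
        // loopback, so this rule only helps when clients connect directly.
        IPAddressAccessControlHandler adminAcl = Handlers.ipAccessControl(app, false)
                .addAllow("127.0.0.1")
                .addAllow("0:0:0:0:0:0:0:1");

        // Assumed admin locations; adjust to the engine actually deployed.
        Predicate adminPath = Predicates.regex(ExchangeAttributes.relativePath(),
                "(?i)^/(CFIDE/administrator|lucee/admin)(/|$)");

        // Always-denied paths:
        //   any path segment starting with a period (note: includes /.well-known/)
        //   box.json and server.json (.cfconfig.json is covered by the dot rule)
        //   the custom folders /tests/ and /workbench
        Predicate blocked = Predicates.or(
                Predicates.regex(ExchangeAttributes.relativePath(), "(^|/)\\."),
                Predicates.regex(ExchangeAttributes.relativePath(), "(?i)/(box|server)\\.json$"),
                Predicates.regex(ExchangeAttributes.relativePath(), "(?i)^/(tests|workbench)(/|$)"));

        // Order matters: hard denies first, then the admin exception, then the app.
        HttpHandler adminOrApp = Handlers.predicate(adminPath, adminAcl, app);
        return Handlers.predicate(blocked, ResponseCodeHandler.HANDLE_404, adminOrApp);
    }

    public static void main(String[] args) {
        HttpHandler app = exchange -> exchange.getResponseSender().send("ok");
        Undertow.builder()
                .addHttpListener(8080, "127.0.0.1")
                .setHandler(withRules(app))
                .build()
                .start();
    }
}
```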

Activity

Brad Wood
August 1, 2020, 12:50 AM

Spec doc attached

Assignee

Brad Wood

Reporter

Brad Wood

Labels

None

Affects versions

None

Fix versions

Priority

Major

Components

Configure