java- using a filter to check remote address

Question

What would be the best approach to detect if a web application is accessed locally?
I am interested in checking this in a filter (javax.servlet.Fi

Answer 1

Even if the client is running locally, it might not be using the loopback interface. Odds are good that your machine will have an assigned IP address, and depending on /etc/hosts configuration, DNS configuration, etc. the IP address you connect to might not be the loopback address.

Assuming that you want to provide some sort of "enahanced" interface that is "more secure" because it originates on the same machine, beware that even loopback interfaces can be snooped upon by using tools like wireshark. If this interface is meant to display data suitable for a more-trusted client, then odds are good you should take the efforts to do proper ssl tunneling via https.