Allowing REST URL within network, and blocking outside traffic

Question

Assuming my REST API URL is

I would like to have this return data only when calling it within the corporate network, everyone else should not get any result back.

Here are the use cases where they can/cannot be accessible

User accessing it from outside the network but using it via a JSF/CDI application deployed on JBoss Server. (Should be accessible)
User directly accessing the URL from inside the network (via rest client or directly typing the url in browser window) (Should be accessible)
User directly accessing the URL from outside the network (via rest client or directly typing the url in browser window) (Should NOT be accessible)

Thanks for taking a look.

score 0 · Accepted Answer · edited May 23 '17 at 10:24

0

I'd suggest to get an IP address from the request and then check it via permitted IP's or mask of a subnet. How to get an IP address if you're using JAX-RS API you can find here: How to find out incoming RESTful request's IP using JAX-RS on Heroku?

Another option it's of course to block incoming request by firewall or by server's setting.

edited May 23 '17 at 10:24

Community

answered Apr 23 '15 at 18:11

Anatoly

1 Answers1