For log in into application we have one Spring Boot Rest API (Java) and I have implemented below logic inside API. Here is the code:
Boolean isAccess(HttpServletRequest request) {
String ipAddress = request.getHeader("X-FORWARDED-FOR");
if (ipAddress == null)
ipAddress = request.getRemoteAddr();
if (ipAddress.startsWith("xx."))
return true;
else
return false;
}
With above logic, sometimes I get a common IP pattern even when user is connected with VPN or not. I want logic based on domain name or IP which can assure that the API hit comes with VPN or not.
To implement VPN-based access for a web application, what you should do is to create an infrastructure that allows access to the app only from devices connected to the specific VPN. It's not something you should do within the web application.
For example, you can configure your web server (Apache, Nginx ...) to check for the presence of specific IP addresses or VPN client certificates. You can also implement firewall rules that block all incoming traffic to your web application's port except for traffic coming through the VPN or the allowed ip range.