5

I need to protect a certain folder within a web application of mine from access from outside of a defined IP range.

With O'Reilly's Tomcat Tips I figured that:

<Context path="/path/to/secret_files" ...>
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127.0.0.1" deny=""/>
</Context>

Is the way to go?

I'm not that much into Tomcat configuration, so I'm dazzled a little as to where to put these restrictions. Do I put this within my web.xml, or is this a thing I need to add to some general Tomcat conf file?

masegaloeh
KB22

2 Answers

2

If we want to restrict IP addresses irrespective of the context path, we should add the following line in server.xml (Engine name):

 <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1"/>

This will deny all IP addresses except 127.0.0.1.

If you want to allow multiple IPs, use the following:

<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1,10.10.12.13,10.132.12"/>

And if you want to deny only one IP and allow all other IPs, use the following:

 <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="127.0.0.1"/>

For multiple IPs:

<Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="127.0.0.1,10.10.12.13,10.132.12"/>
1

This SO question solved my problem.

KB22
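An added configuration example, not part of the original question or answers and not the Tomcat project's own: the question asks about one folder inside a web application, while the valve snippets above cover a whole Engine, Host or Context. It assumes Tomcat 7 or later, where `allow` and `deny` are each a single regular expression matched against the full remote address; the filter name, the `/secret_files/*` pattern and the 10.10.12.x range are constructed for illustration.

```xml
<!-- File 1: WEB-INF/web.xml of the application.
     Restricts one URL prefix only. RemoteAddrFilter ships with Tomcat;
     the filter name, URL pattern and address range are assumptions. -->
<filter>
  <filter-name>SecretFilesAddrFilter</filter-name>
  <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
  <init-param>
    <param-name>allow</param-name>
    <!-- One regex: alternatives joined with "|", literal dots escaped.
         Both IPv6 loopback spellings are listed so local requests
         made over IPv6 are not rejected. -->
    <param-value>127\.0\.0\.1|::1|0:0:0:0:0:0:0:1|10\.10\.12\.\d{1,3}</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>SecretFilesAddrFilter</filter-name>
  <!-- Only requests under this prefix are checked. -->
  <url-pattern>/secret_files/*</url-pattern>
</filter-mapping>

<!-- File 2: META-INF/context.xml of the application.
     Same rule applied to every request to the application.
     A Valve is container configuration and is not valid in web.xml. -->
<Context>
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.0\.0\.1|::1|0:0:0:0:0:0:0:1|10\.10\.12\.\d{1,3}"/>
</Context>
```

Both the filter and the valve compare against the address of the directly connected peer, so behind a reverse proxy or load balancer every request appears to come from the proxy unless `RemoteIpValve` or `RemoteIpFilter` is configured ahead of them.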