Restricting Access to Tomcat via IP Address or Hostname

Published: 05 Nov 2008

To restrict access to a standalone Tomcat instance by IP address:

<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1"/>

The above will restrict access to the surrounding Engine, Host, or Context element in TOMCAT_HOME/conf/server.xml. You may also specify a comma separated list of IP addresses instead of a single address.

If you want to deny access to one or more IP addresses, you would do something like this:

<Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="127.0.0.1"/>

To restrict by host name:

<Valve className="org.apache.catalina.valves.RemoteHostValve" allow="yahoo.com"/>

You use the same allow or deny attributes and the RemoteHostValve class instead of RemoteAddrValve.