Digital Sanctum

Personal blog of Shane Witbeck Tags · Archive · About

Restricting Access to Tomcat via IP Address or Hostname

Published: 05 Nov 2008

To restrict access to a standalone Tomcat instance by IP address:

<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow=""/>

The above will restrict access to the surrounding Engine, Host, or Context element in TOMCAT_HOME/conf/server.xml. You may also specify a comma separated list of IP addresses instead of a single address.

If you want to deny access to one or more IP addresses, you would do something like this:

<Valve className="org.apache.catalina.valves.RemoteAddrValve" deny=""/>

To restrict by host name:

<Valve className="org.apache.catalina.valves.RemoteHostValve" allow=""/>

You use the same allow or deny attributes and the RemoteHostValve class instead of RemoteAddrValve.

Tags: #tomcat#apache#tips#how-to