Return-Path: 
 <tomcat-user-return-127993-apmail-jakarta-tomcat-user-archive=jakarta.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tomcat-user-archive@www.apache.org
Received: (qmail 72330 invoked from network); 2 Jun 2005 17:30:31 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur.apache.org with SMTP; 2 Jun 2005 17:30:31 -0000
Received: (qmail 1163 invoked by uid 500); 2 Jun 2005 17:30:16 -0000
Delivered-To: apmail-jakarta-tomcat-user-archive@jakarta.apache.org
Received: (qmail 1135 invoked by uid 500); 2 Jun 2005 17:30:15 -0000
Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
List-Help: <mailto:tomcat-user-help@jakarta.apache.org>
List-Post: <mailto:tomcat-user@jakarta.apache.org>
List-Id: "Tomcat Users List" <tomcat-user.jakarta.apache.org>
Reply-To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Delivered-To: mailing list tomcat-user@jakarta.apache.org
Received: (qmail 1121 invoked by uid 99); 2 Jun 2005 17:30:14 -0000
X-ASF-Spam-Status: No, hits=1.1 required=10.0
	tests=FROM_ENDS_IN_NUMS,HOT_NASTY
X-Spam-Check-By: apache.org
Received-SPF: neutral (hermes.apache.org: local policy)
Received: from smarty.dreamhost.com (HELO smarty.dreamhost.com) (66.33.216.24)
  by apache.org (qpsmtpd/0.28) with ESMTP; Thu, 02 Jun 2005 10:30:11 -0700
Received: from strange.dreamhost.com (strange.dreamhost.com [66.33.193.57])
	by smarty.dreamhost.com (Postfix) with ESMTP id 5F6B413F654
	for <tomcat-user@jakarta.apache.org>; Thu,  2 Jun 2005 10:29:53 -0700 (PDT)
Received: by strange.dreamhost.com (Postfix, from userid 7734)
	id 66D536AA18; Thu,  2 Jun 2005 10:29:45 -0700 (PDT)
Date: Thu, 2 Jun 2005 12:29:45 -0500
From: QM <qm300@brandxdev.net>
To: Tomcat Users List <tomcat-user@jakarta.apache.org>
Subject: Re: RemoteAddrValve
Message-ID: <20050602172945.GA10706@strange.dreamhost.com>
References: <429EF14B.8060708@bioss.ac.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <429EF14B.8060708@bioss.ac.uk>
User-Agent: Mutt/1.3.28i
X-Virus-Checked: Checked
X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N

On Thu, Jun 02, 2005 at 12:45:15PM +0100, Janet Dickson wrote:
: I'm trying to use RemoteAddrValve to restrict access to a website to a 
: subnet in Tomcat 4.1

You may want to use a ServletFilter instead.  This is supported by the
2.3 servlet spec, which means it will be portable among containers and
will thus ease your migration to Tomcat 5.x in the future.

Using a Filter would also solve the other problem you mention, that you
find you can't put multiple addresses in the "allow" section.


: <Valve className="org.apache.catalina.valves.RemoteAddrValve"
:                 allow="xxx.xxx.xxx.xxx/25" />
: but it doesnt seem to work as access from one of my IP addresses is 
: forbidden.

If possible, could you share the real IP addresses?  (If they're
internal-only (such as 10.x, 192.168.x, 172.16.x) then you won't expose
any private information posting them here.)  This may be as simple as a
typo.


: Also, can someone confirm whether it is necessary to restart the Tomcat 
: server (version 4.1) if I modify an .xml file in the webapps directory ?

Depends on which XML file.  If it's one of the files that's used by the
container -- context.xml, web.xml, and so on -- then yes, you'll have to
restart.   If it's a file that's loaded by your app on request, then
it's up to your code to decide whether to cache it or reload it every
time.

-QM


-- 

software   -- http://www.brandxdev.net/
tech news  -- http://www.RoarNetworX.com/
code scan  -- http://www.JxRef.org/

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org