tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leo Donahue - PLANDEVX <>
Subject RE: RemoteAddressValve
Date Wed, 08 Jul 2009 15:00:41 GMT
Andre, Tim,

Thanks for the feedback on the regex.

I don't think I can nest a <valve> inside a <context>

	  <Context path="/mywebapp" docBase="mywebapp" debug="0" privileged="true"
	     <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="176\.24\..*"

I tried and I get error in the log file such as the following.

Jul 8, 2009 7:29:46 AM org.apache.tomcat.util.digester.Digester fatalError
SEVERE: Parse Fatal Error at line 145 column 7: Element type "Context" must be followed by
either attribute specifications, ">" or "/>".
org.xml.sax.SAXParseException: Element type "Context" must be followed by either attribute
specifications, ">" or "/>".

According to this website:  they claim
a Remote Address Filter can be associated with a Engine, Host or Context container.  I have
an old Tomcat book from version 4.0 that says nothing about being able to nest a valve inside
a Context.  The book I have says only Loader, Logger, Manager, Realm and Resource can be nested
components of a Context.  I need a new book.

I'm running 6.0.20 on Windows 2003 Server, using the zip file version.

So I look at my code again and notice I have it messed up.

I changed it to the following, no more errors in the catalina log.

	  <Context path="/mywebapp" docBase="mywebapp" debug="0" privileged="true">
	     <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="176\.24\..*"

Sometimes it helps to think it out loud.

-----Original Message-----
From: André Warnier [] 
Sent: Wednesday, July 08, 2009 7:14 AM
To: Tomcat Users List
Subject: Re: RemoteAddressValve

Leo Donahue - PLANDEVX wrote:
>   <Valve className="org.apache.catalina.valves.RemoteAddrValve" 
> allow="176.24.*.*"/>
I don't know about the context in which you can use this, but about the above, your "allow"
attribute is incorrect.
It should be :

"A comma-separated list of /regular expression patterns/ that the remote client's IP address
is compared to."

If I understand correctly which addresses you are trying to allow, then the following would
be better :

Quick tips : in a regexp,
- an unescaped "." means "any character".
- ".*" means "any character, any number of times" (0 to infinity)
- "\." is a "real dot" (escaped by the \, it loses its special meaning and just represents
the character "."
Check any on-line Regular Expressions tutorial for more information.

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message