tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Denying IPs using the Valve command in context.xml
Date Tue, 04 Oct 2011 17:49:54 GMT
Here are the Valves which exist under Tomcat 7.0, the latest version.
http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html
Which one are you talking about, and which Tomcat version ?

Note that org.apache.catalina.valves.RemoteAddrValve can filter on the base of the client

/IP address/, not its hostname (as a careful read of the on-line documentation makes clear).

Note also that as well the org.apache.catalina.valves.RemoteHostValve as the
org.apache.catalina.valves.RemoteAddrValve filter on the base of /regular expressions/, 
and "*.googlebot.com" is not one of those.
In this particular case, "\.googlebot\.com$" would be better (with the RemoteHostValve).

And finally, note also that this may be quite "expensive", in the sense that Tomcat may 
need to do a couple of DNS lookups per client, to allow this to work.
In this particular case, would a "robots.txt" file in the ROOT of your server, not be 
better ? Google bots should be well-behaved.





Sanford Stein wrote:
>   1.  I am using wildcards in my IP addresses, such as:
> <Valve className="org.apache.catalina.valves.RemoteAddrValve" 
> deny="*.googlebot.com"/>
> 
>  From my reading of the documentation, this should be OK, but when this line is 
> present I cannot access any of my
> servlets from any IP address.   Do wildcards work here and, if so, what am I 
> doing wrong?
> 
> 2.  Is it possible for a give IP to permit access to some servlets while denying 
> access to others?
> 
> Thanks,
> Sanford Stein
> CyberTools Inc.
> -- 
> --------------------------------------------------------------------------------
> CyberTools Logo <http://CyberTools.biz>  	*Sanford Stein *| *CyberTools, Inc.*
> 75 Arlington Street, Suite 500, Boston MA 02116  | 800.894.9206 x 103 | F 
> 888.899.0346
> Sanford.Stein@CyberTools.biz <mailto:Sanford.Stein@CyberTools.biz> |  
> CyberTools.biz <http://CyberTools.biz> | Build-It-Once Development
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message