Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 7D22C95F6 for ; Wed, 5 Oct 2011 14:02:15 +0000 (UTC) Received: (qmail 24557 invoked by uid 500); 5 Oct 2011 14:02:10 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 24497 invoked by uid 500); 5 Oct 2011 14:02:10 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 24488 invoked by uid 99); 5 Oct 2011 14:02:10 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Oct 2011 14:02:10 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [209.85.160.173] (HELO mail-gy0-f173.google.com) (209.85.160.173) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Oct 2011 14:02:05 +0000 Received: by gye5 with SMTP id 5so2090068gye.18 for ; Wed, 05 Oct 2011 07:01:44 -0700 (PDT) MIME-Version: 1.0 Received: by 10.236.180.168 with SMTP id j28mr13816952yhm.15.1317823304138; Wed, 05 Oct 2011 07:01:44 -0700 (PDT) Received: by 10.236.108.19 with HTTP; Wed, 5 Oct 2011 07:01:44 -0700 (PDT) In-Reply-To: <20111005135703.GB14317@IUPUI.Edu> References: <4E8B40A3.2010103@CyberTools.biz> <4E8B4742.8040409@ice-sa.com> <4E8B5484.5030203@christopherschultz.net> <4E8B59C8.7010006@christopherschultz.net> <20111005135703.GB14317@IUPUI.Edu> Date: Wed, 5 Oct 2011 16:01:44 +0200 Message-ID: Subject: Re: Denying IPs using the Valve command in context.xml From: Francis GALIEGUE To: Tomcat Users List Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Wed, Oct 5, 2011 at 15:57, Mark H. Wood wrote: > Part of the problem with this valve is that regex matching is such a > (IMHO) bizarre choice for IP address matching. =C2=A0IP addresses have a > structure which is very unlike text, and the customary and expected > matches take a bit of finagling to do in regexes. > > I should try writing netmask and CIDR address matchers. > I'm doing just that at the moment :p https://issues.apache.org/bugzilla/show_bug.cgi?id=3D51953 > Likewise the hostname valve. =C2=A0Domain names also are structured, and > people who have just discovered the valve may be expecting quite a > different type of matching than what they get. =C2=A0I had to read the > documentation very slowly and carefully before I could get the > customary match styles out of my head. > > Again, I should try writing a DNS-style globber. =C2=A0It might be fun. > (But don't hold your breath waiting for it.) > Ideally, all of Apache's "allow from" and "deny from" (along with Order while we are at it) could/should be implemented. I'm starting with the most simple case of all. It'll be fun to implement, say, 10., .mydomain.com and such... --=20 Francis Galiegue ONE2TEAM Ing=C3=A9nieur syst=C3=A8me Mob : +33 (0) 683 877 875 Tel : +33 (0) 178 945 552 fge@one2team.com 40 avenue Raymond Poincar=C3=A9 75116 Paris --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org