tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Denying IPs using the Valve command in context.xml
Date Tue, 04 Oct 2011 17:49:54 GMT
Here are the Valves which exist under Tomcat 7.0, the latest version.
Which one are you talking about, and which Tomcat version ?

Note that org.apache.catalina.valves.RemoteAddrValve can filter on the base of the client

/IP address/, not its hostname (as a careful read of the on-line documentation makes clear).

Note also that as well the org.apache.catalina.valves.RemoteHostValve as the
org.apache.catalina.valves.RemoteAddrValve filter on the base of /regular expressions/, 
and "*" is not one of those.
In this particular case, "\.googlebot\.com$" would be better (with the RemoteHostValve).

And finally, note also that this may be quite "expensive", in the sense that Tomcat may 
need to do a couple of DNS lookups per client, to allow this to work.
In this particular case, would a "robots.txt" file in the ROOT of your server, not be 
better ? Google bots should be well-behaved.

Sanford Stein wrote:
>   1.  I am using wildcards in my IP addresses, such as:
> <Valve className="org.apache.catalina.valves.RemoteAddrValve" 
> deny="*"/>
>  From my reading of the documentation, this should be OK, but when this line is 
> present I cannot access any of my
> servlets from any IP address.   Do wildcards work here and, if so, what am I 
> doing wrong?
> 2.  Is it possible for a give IP to permit access to some servlets while denying 
> access to others?
> Thanks,
> Sanford Stein
> CyberTools Inc.
> -- 
> --------------------------------------------------------------------------------
> CyberTools Logo <>  	*Sanford Stein *| *CyberTools, Inc.*
> 75 Arlington Street, Suite 500, Boston MA 02116  | 800.894.9206 x 103 | F 
> 888.899.0346
> <> |  
> <> | Build-It-Once Development

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message