vicker313 tech blog

November 5, 2010

Restrict IP coming to Tomcat Service

Filed under: Tomcat — Tags: , — vicker313 @ 8:24 pm

We can restrict incoming connection by IP address in Tomcat, for example we only allow connection from IP 10.10.10.* to access. We only need to add a valve tag in the context:

<Context>
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="192\.168\.56\..*" deny="192\.168\.56\.1"/>
</Context>

It is quite straight forward: allow attribute to allow what IP pattern to go through, while deny is to block. The value of the attribute use regular expression. Another example of regular expression, 192.168.*.* need to set as 192\.168\..*\..*.

2 ways to do this: either you want to implement the restriction to all the applications, or to particular application. If you want to apply to all applications, put the tag in TOMCAT_HOME/conf/context.xml.

If you only want to apply the restriction to particular application, put the tag in TOMCAT_HOME/conf/catalina/locahost/<webapp>.xml. The name of the file follow the name of your web application. Create the file if it is not exist.

About these ads

2 Comments »

  1. If we want to restrict ip adresses irrespective of the context path we should add the following line in server.xml( Engine name)

    This will deny all the ip adresses except 127.0.0.1

    If you want to aloow multiple ip’s use the following

    And if you want to deny from only one ip and allow all other ip’s use the following

    For multiple ip’s

    Comment by Santhosh kumar pulipalupula — November 19, 2011 @ 6:58 am

  2. If we want to restrict ip adresses irrespective of the context path we should add the following line in server.xml( Engine name).

    This will deny all the ip’s except 127.0.0.1

    If we want alllow multiple ip’s then ,comma seperation is enough

    This will deny all the ip adresses except 127.0.0.1,192.68.23.25

    If we want to deny only particular ip use

    This will den only 127.0.0.1 and allow all other ip adreses.

    Comment by Santhosh kumar — November 20, 2011 @ 9:16 am


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Silver is the New Black Theme Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: