Hi! First off, I think Tomcat is a great product. Thanks!
Secondly, do you have any plans on adding something like to web.xml: <security-constraint> <web-resource-collection> <web-resource-name>My Webapp</web-resource-name> <url-pattern>cust1.html</url-pattern> </web-resource-collection> <ip-constraint> <allow>192.168.1.13-192.168.1.55,192.168.10.</allow> <ip-constraint> </security-constraint> <security-constraint> <web-resource-collection> <web-resource-name>My Webapp</web-resource-name> <url-pattern>cust2.html</url-pattern> </web-resource-collection> <ip-constraint> <deny>192.168.</deny> <ip-constraint> </security-constraint> I have looked at the documentation and web, but could not find any other information than a commercial package from Cafesoft. I think this kind of access control would be very useful since webapps can have static pages that should be denied for everyone but a certain ip-range. Example: Customer 1 has access to a service with a certain look-and-feel and some customer specific mods. The name of the page that Customer 1 uses to access the webapp is cust1.html and that passes on some parameters. Customer 2 uses the same webapp but has a different look-and-feel and accesses the SAME webapp through cust2.html. Now it would be nice to limit access to cust1.html and cust2.html so that only the respective customer ip-ranges could access them. I can do this by installing apache and hooking up Tomcat to it, but I would like to use a standalone solution. The Valve functionality is good but it is only on webapp level. Best regards, --Svante -- Svante Olofsson, CEO Agentum Technologies Inc. [EMAIL PROTECTED] Tel. +358 2 232 6200 Mob. +358 40 501 6061 Fax. +358 2 215 3307 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]