Hi Ralph, Actually, this explains a whole lot, yes -- Thank you!
However, something interesting to note -- RemoteHostValve works if I refer to IPs and *not* hostnames! Isn't that odd? I thought RemoteHostValve was for hostname, and RemoteAddrValve works for IP. Jason. On Wed, 10 Mar 2004, Ralph Einfeldt wrote: > > Deny takes precedence over allow. > (The valve is missing the option to define the order) > > I'm not shure if that explain all your problems but some. > > http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/valves/RequestFilterValve.java?rev=1.3&view=auto > > > -----Original Message----- > > From: Jason Keltz [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, March 10, 2004 4:20 PM > > To: Tomcat Users List > > Cc: [EMAIL PROTECTED] > > Subject: Re: Restrict to specific IP's > > > > > > Actually, here's more information on the Restricting IPs not > > working .. > > > > If I use: > > <Valve className="org.apache.catalina.valves.RemoteAddrValve" > > allow="A.B.C.D,A.B.C.E"/> > > > > I can access the app from the host at IP A.B.C.D and IP A.B.C.E, and > > cannot access the app from anywhere else, so this works. > > > > However, if I try to be more explicit, and add a "deny" as follows: > > > > deny=".*" or deny="A.B.*" to the end of Valve statement, I get refused > > connection from all hosts, including the hosts in the allow list that > > should still be allowed access. > > > > If I try to go back to using "RemoteHostValve", and trying the same > > tests.. > > > > If I specify a single host in the allow list that is the host I am > > accessing the webapp from, I get refused from that host, and > > every other host. I've even tried expanding the regexp on the allow -- > > "^host$" and > > it doesn't work. > > > > Jason. > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
