I'm trying to implement a simple remote address valve, but it doesn't
seem to work. I put the following element inside the Host element in
%CATALINA_HOME%\conf\server.xml:

<valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="xxx.xxx.xxx.xxx"/> // actual IP address not shown

The only Context elements I have defined are at
%CATALINA_HOME%\conf\[engine]\[host]\admin.xml and
%CATALINA_HOME%\conf\[engine]\[host]\manager.xml, and there are no
valves defined in these. There is only a single Context defined in
%CATALINA_HOME%\conf\context.xml, and there are no valves in it. There
are no META-INF folders in any web app, and there are no XML files in
the appBase folder. There are no DefaultContext elements defined in
server.xml. In short, the above valve has to be the only thing defining
access by IP address for all my web apps.
Yet I can navigate to any web app from IP addresses other than the one
specified in the valve. The valve has no discernible effect. I also
tried deny=".*" and again there was no restriction applied.
I should mention that I can't actually test this from outside my network
at the moment, but I'm trying two things that I believe should cause the
IP address to fail to match the allow pattern:
1. I navigate to my router's WAN address. Thus I should be hitting
Tomcat with an IP address that is not localhost and is not the one
defined in the valve.
2. I navigate to 192.168.1.2 (the internal address of the machine
running Tomcat) from 192.168.1.4 (the internal address of another
computer). Both of these computers are behind my NAT'd firewall, and
192.168.1.4 is not the address in the allow attribute.
Am I missing something about what address gets presented to Tomcat in
these scenarios, or am I missing something really basic about how this
valve is supposed to work?
-Mark