Thanks everyone for getting back on this one, If I have to do this in as per Jeff, which file should I be changing? Each vhost can do this in a separate <Directory /myapp/my-test1/demo/> block but does not seem useful . I would keep this out of Tomcat, but thats just me.
I also read that, we can use in the Tomcat context.xml file...Has anyone tried this? <Context antiJARLocking="true" path="/"> <Valve className="org.apache.catalina.valves.RemoteIpValve" /> <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="{IP_address}" /> </Context> On Sun, Jan 19, 2014 at 8:32 AM, John List <johnl...@gulfbridge.net> wrote: > > On 01/18/2014 09:59 PM, John List wrote: > > On 01/18/2014 06:45 PM, Jeff Dyke wrote: > > Remember that IPs are easily spoofed. > > Actually, since HTTP is based on a TCP connection, I don't know that you > can say that IP addresses can be spoofed in the web context. > > > > (IP addresses can be spoofed, but that's not a security problem in a web > context since any response from the web server will be directed to the > spoofed IP address, not the one that spoofed it.) > > but we all do it, and the access restrictions are so much cleaner, as > well as other things in apache2.4, so if you can i'd upgrade. You're > obviously building these as VHosts, so they can go int the virutual host > container, but you want this page: > http://httpd.apache.org/docs/2.2/howto/access.html and > http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow > > In Apache 2.2 > > Order allow, deny > Allow from 172.168.10 > > Each vhost can do this in a separate <Directory /myapp/my-test1/demo/> > block but does not seem useful . I would keep this out of Tomcat, but > thats just me. > > Again, if you have the ability upgrade to 2.4, disable mod_compatibility > and use the require all syntax, it will take more work, but apache has come > a long way sing 2.2. > > > > On Sat, Jan 18, 2014 at 2:46 PM, Dev Raj > <devaraj.takhellam...@gmail.com>wrote: > >> Hi, >> >> I have Apache 2.2 installed on my Unix Server and have a couple of >> Application servers running each of them having similar Document Root. >> >> For example, >> The URLS will look like below >> >> https://my-test1.com/demo/index.html >> https://my-prod1.com/demo/index.html >> https://my-qa1.com/demo/index.html >> >> The directory(Tomcat) folder looks like >> /myapp/my-test1/demo/index.html >> /myapp/my-prod1/demo/index.html >> /myapp/my-qa1/demo/index.html >> >> >> I would like to restrict access to the above prod1 URL for a specific set >> of IP's. How can I achieve this. Please tell. >> >> -- >> Regards, >> Devaraj >> > > > > -- Regards, Devaraj