marc,
do i understand you correct that you only whant to accept requests
from "localhost"?
next: wouldn't authorization solve your problem?
rgds
gregor
Am 28.02.2009 um 19:14 schrieb Zak Mc Kracken <zakmc...@yahoo.it>:
Thank you all for replies and detailed explanation. Now I understand
what's happening. My specific problem is restrict a single web
application to clients coming from localhost only. This was not
working (everything blocked):
<Context>
<Valve className="org.apache.catalina.valves.RemoteHostValve"
allow="localhost"/>
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.0\.0\.1" deny="" />
</Context>
I am using a Mac and, after your replies, I tried to see what
request.getRemoteAddr() and request.getRemoteHost(). Well, it turns
out that they both return "0:0:0:0:0:0:0:1%0", so now everything
works with:
<Context>
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.0\.0\.1,0:0:0:0:0:0:0:1\%0" deny="" />
</Context>
Moreover, André's reply is pretty convincing, although it seems to i
mply that RemoteHostValve should be avoided (isn't DNS reverse looku
p cached?) and cannot be chained with RemoteAddrValve. Of course one
can do what you suggests, although this is a bit impractical in lar
ge networks where one wouldn't like to care about IP changes of symb
olic names. Worse, I don't see what I could do to grant access to si
ngle PCs in those LANs where users have fixed host names for their P
Cs, but DHCP-assigned IPs (OK, maybe it's a theoretical case, I woul
d probably switch to user/password).
Cheers.
Marco.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org