ok. got off my lazy butt and looked at the code. RemoteHostValve uses request.getRequest().getRemoteHost()
so just the javadoc needs updating for RemoteHostValve.java. I'm sure this was just a copy of RemoteAddrValve. ;-)

Now I just need to figure out how to configure my Tomcat to return values for getRemoteHost calls.

From: Tony Tomcat <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Sep 20, 2005 4:35 PM
Subject: Re: org.apache.catalina.valves.RemoteHostValve issue

> ---------- Forwarded message ----------
> From: Mark Thomas <[EMAIL PROTECTED]>
> To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> Date: Wed, 17 Aug 2005 08:03:45 +0100
> Subject: Re: org.apache.catalina.valves.RemoteHostValve issue
>
> Tony Tomcat wrote:
> > Does the RemoteHostValve work? There are no examples in the Tomcat 5
> > docs and the tomcat 4 docs have the following..
> >
> > <Valve className="org.apache.catalina.valves.RemoteHostValve"
> > allow="*.mycompany.com, www.yourcompany.com"/>
>
> The docs have been updated for 4 and 5 not to use this example.
>
> The problem is that . is a special character in a regular expression
> and needs to be escaped if you want to match a single . character in
> your input.
>
> The regexp docs are the place to read up on this.
>
> The following should work but I haven't tried it.
>
> <Valve className="org.apache.catalina.valves.RemoteHostValve"
> allow=".*mycompany\.com,www\.yourcompany\.com"/>
>
> Mark
>

Actually.. according to the documentation the RemoteHostValve and RemoteAddrValve both do the same thing.. They both say...

"Concrete implementation of RequestFilterValve that filters based on the string representation of the remote client's IP address."

The javadoc is exactly the same except the class name. :-P

Is it safe to say that Tomcat doesn't support FQDN filtering, or is this just a typo/cut-paste issue?
If it does support it, are there performance implications, since it seems that it would need to do a DNS lookup on all incoming connections?
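
The escaping point from the quoted reply, as an added example that is not part of the original thread and is not Tomcat's own code: it runs the allow values from the thread against a few host names to show which ones each variant admits. It assumes java.util.regex syntax, comma-separated patterns and whole-string matching; the class and method names, the sample hosts, and the second and fourth allow values are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

public class AllowListCheck {
    // Assumption: the allow value is split on commas and each piece is a regex
    // that must match the entire host name.
    static List<Pattern> compile(String allow) {
        List<Pattern> patterns = new ArrayList<>();
        for (String piece : allow.split(",")) {
            patterns.add(Pattern.compile(piece.trim()));
        }
        return patterns;
    }

    static boolean allowed(List<Pattern> patterns, String host) {
        for (Pattern p : patterns) {
            if (p.matcher(host).matches()) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        String[] allowValues = {
            "*.mycompany.com, www.yourcompany.com",           // glob style, from the old docs
            ".*mycompany.com,www.yourcompany.com",            // constructed: dots left unescaped
            ".*mycompany\\.com,www\\.yourcompany\\.com",      // escaped, as suggested in the reply
            "(.*\\.)?mycompany\\.com,www\\.yourcompany\\.com" // constructed: dot boundary required
        };
        // Constructed host names, standing in for what getRemoteHost() returns.
        String[] hosts = {
            "www.mycompany.com", "mycompany.com", "www.yourcompany.com",
            "wwwxyourcompany.com", "notmycompany.com"
        };
        for (String allow : allowValues) {
            System.out.println("allow=\"" + allow + "\"");
            try {
                List<Pattern> patterns = compile(allow);
                for (String host : hosts) {
                    System.out.println("  " + host + " -> " + (allowed(patterns, host) ? "allow" : "deny"));
                }
            } catch (PatternSyntaxException e) {
                System.out.println("  not a valid regex: " + e.getDescription());
            }
        }
    }
}
```

Under these assumptions the escaped value from the reply still admits notmycompany.com, because `.*` places no boundary before `mycompany`; the last variant requires a dot there, so only the domain itself and its subdomains match.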