Deny takes precedence over allow. (The valve is missing the option to define the order)
I'm not shure if that explain all your problems but some. http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/valves/RequestFilterValve.java?rev=1.3&view=auto > -----Original Message----- > From: Jason Keltz [mailto:[EMAIL PROTECTED] > Sent: Wednesday, March 10, 2004 4:20 PM > To: Tomcat Users List > Cc: [EMAIL PROTECTED] > Subject: Re: Restrict to specific IP's > > > Actually, here's more information on the Restricting IPs not > working .. > > If I use: > <Valve className="org.apache.catalina.valves.RemoteAddrValve" > allow="A.B.C.D,A.B.C.E"/> > > I can access the app from the host at IP A.B.C.D and IP A.B.C.E, and > cannot access the app from anywhere else, so this works. > > However, if I try to be more explicit, and add a "deny" as follows: > > deny=".*" or deny="A.B.*" to the end of Valve statement, I get refused > connection from all hosts, including the hosts in the allow list that > should still be allowed access. > > If I try to go back to using "RemoteHostValve", and trying the same > tests.. > > If I specify a single host in the allow list that is the host I am > accessing the webapp from, I get refused from that host, and > every other host. I've even tried expanding the regexp on the allow -- > "^host$" and > it doesn't work. > > Jason. > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
