Hi Chris,

> Note that the "allow" and "deny" attributes are regular expressions,
> so you can get as creative as possible. There was a request a while
> back for a filter/valve that would operate on CIDR ranges... I don't
> think that ever got committed. A quick BZ search didn't find anything.
> It must have been on the mailing list.
>

The CIDR format would be more natural for the address filtering, but I could express the range with a regex, so this is not the problem.

> Combining the valves using OR is not really possible as you describe
> it. Tomcat doesn't have anything like Apache httpd's "RequireAny". You
> could easily write a new Valve that extends one or the other valve and
> implements its own OR semantics.
>

Do I have to modify the Tomcat sources for this, or could I keep my code in a separate library? I would like to avoid maintaining a patch for this and rebuilding Tomcat after an upgrade. I do not know the Tomcat API. Maybe it would be easier to install an Apache httpd that directs the HTTP/HTTPS ports to Tomcat and configure this in the httpd config?

I tried to configure this in iptables as well, but that does not support domains as I saw.

Thanks,
Miklos
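
The custom Valve with OR semantics discussed in this message, sketched as an added example that is not part of the original e-mail and not Tomcat's own code. The package, class and attribute names (`com.example.valves`, `RemoteAddrOrHostValve`, `addrAllow`, `hostAllow`) are hypothetical, and it assumes a Tomcat version that uses the `javax.servlet` namespace.

```java
// Added example, not Tomcat source. Package, class and attribute names are hypothetical.
package com.example.valves;

import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.ServletException;          // jakarta.servlet on Tomcat 10 and later
import javax.servlet.http.HttpServletResponse;  // jakarta.servlet.http on Tomcat 10 and later
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;

/** Lets a request through if the client address OR the client host name matches. */
public class RemoteAddrOrHostValve extends ValveBase {
    private volatile Pattern addrAllow;   // null means "no address rule configured"
    private volatile Pattern hostAllow;   // null means "no host rule configured"

    // Tomcat calls these setters for the matching attributes on the <Valve> element.
    public void setAddrAllow(String regex) { addrAllow = compile(regex); }
    public void setHostAllow(String regex) { hostAllow = compile(regex); }

    private static Pattern compile(String regex) {
        return (regex == null || regex.isEmpty()) ? null : Pattern.compile(regex);
    }

    static boolean allowed(Pattern addr, Pattern host, String remoteAddr, String remoteHost) {
        // matches() anchors the whole value, so a pattern cannot match a substring
        // of a longer address or host name.
        boolean addrOk = addr != null && remoteAddr != null && addr.matcher(remoteAddr).matches();
        boolean hostOk = host != null && remoteHost != null && host.matcher(remoteHost).matches();
        return addrOk || hostOk;   // default deny: no rule set or no rule matched
    }

    @Override
    public void invoke(Request request, Response response) throws IOException, ServletException {
        // getRemoteHost() only returns a name when the Connector has enableLookups="true";
        // otherwise it returns the IP address. The name comes from reverse DNS, which is
        // set by whoever controls the reverse zone for that address, so the host rule
        // is weaker evidence than the address rule.
        if (allowed(addrAllow, hostAllow, request.getRemoteAddr(), request.getRemoteHost())) {
            getNext().invoke(request, response);
        } else {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }
}
```

Compiled against `catalina.jar` and the servlet API into its own jar and placed in `$CATALINA_BASE/lib`, the class needs no change to the Tomcat sources and is referenced from `server.xml` as `<Valve className="com.example.valves.RemoteAddrOrHostValve" addrAllow="192\.168\.1\.\d+" hostAllow=".*\.example\.org"/>`. The two regex values are constructed samples.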