Re: RemoteAddrValve | IP Subnet

[tomcat]

On 01.11.2018 13:34, Mark Thomas wrote:
On 01/11/2018 12:23, André Warnier (tomcat) wrote:
On 01.11.2018 12:35, Madhur Khurana wrote:
Hi,
I am using tomcat8 and would like to configure ip address with subnet
in RemoteAddrValve for IP whitelisting (Example: 0.0.0.0/0). Can
anyone help in how to configure subnet in allow field.


The page at
http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Remote_Address_Valve
looks pretty easy to understand.

https://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Remote_CIDR_Valve

might be a better match for what the OP is looking for.

With a slight critic of that section though : it states "This valve mimicks Apache's 
Order, Allow from and Deny from directives..".
That was Apache httpd up to 2.2, which is end-of-life since 2018/01/01.
Apache httpd 2.4 (the current version) has changed that syntax (and the underlying logic) 
quite a bit, and Order, Allow/Deny are now deprecated and replaced by
Require [not] IP
(with a wide variety of expressions for IP)
See https://httpd.apache.org/docs/2.4/mod/mod_authz_host.html

Iow, the reference to "Apache" might best be removed, lest it confuses more than 
enlightens the casual reader.


Mark


Example 1 provides the syntax you are looking for.

By combining "allow" and "deny" attributes with the appropriate regular
expressions, you can allow or deny access (aka whitelist or blacklist)
from any range of client IP addresses.
Without a precise indication of which IP addresses/subnets you want to
"whitelist", there is not much else anyone here can tell you.

Is it (a) the "regular expression" part that you are having problems
with, or (b) the IP address format, or (c) the definition of a "subnet",
or .. ?

For (a), see for example :
http://www.vogella.com/tutorials/JavaRegularExpressions/article.html
For (b) and (c), start perhaps here :
https://en.wikipedia.org/wiki/Subnetwork




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org