> On 2025 Nov 11, at 19:05, James H. H. Lampert > <[email protected]> wrote: > > I've updated a customer box from 9.0.106 to 9.0.111, and I'm getting a weird > error that's keeping Manager from coming up. > >> 11-Nov-2025 18:44:59.637 SEVERE [main] >> org.apache.catalina.valves.RemoteCIDRValve.setAllow >> 127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|65.76.160.206|68.4.199.145: The >> address [127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|65.76.160.206|68.4.199.145] >> is not valid > > The address string in the allow clause of the RemoteCIDRValve in > manager/META-INF/context.xml is exactly the same as what it was in their 106 > server, and very nearly identical to one in a working 111 environment, and > yet it's getting rejected. > > Any ideas of what could be the matter?
AFAICT from a brief perusal of the code, the RemoteCIDRValve only supports regex for the optional port numbers; IP addresses must use just comma-separated CIDR notation. (The RemoteAddrValve does use regex for IP addresses, but it has been deprecated in favor of the CIDR one.) The documentation is not terribly clear about this. I think your allow expression should be something like “127.0.0.0/8,::1,0:0:0:0:0:0:0:1,65.76.160.206,68.4.199.145”. (The two IPv6 entries appear to be functionally identical, so one could likely be removed.) - Chuck --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
