Dear All, I'm hoping someone on this list can help me out.
I'm running Tomcat 5.5.20 on a staging server (192.171.160.186), which means that I want to be able to open some features to the world at large but restrict others to my own trusted machines for internal use. Specifically, my desired configuration is:

1) ROOT web application open to the world, so people can see my custom front page
2) "/mibbi" webapp open to the world, as this is the actual thing I'm developing and showing to beta testers
3) Everything else, including the /manager area and /exist (the XML database RPC interface) should be off limits to all but a set of explicitly listed IP addresses - i.e. localhost and my own box (192.171.160.155).

Starting with a pretty-much default Tomcat installation, and based on the info in the Tomcat manual, I've added the following to the <Host> section in server.xml:

SNIP>>>
    <!-- Default rule - Restrict most services to trusted hosts: localhost and texugo -->
    <Context path="">
      <Valve className="org.apache.catalina.valves.RemoteAddrValve"
             allow="127.0.0.1,192.171.160.155,192.171.160.186" deny=""/>
    </Context>

    <!-- I want to allow public access to the front page on the site -->
    <Context path="/ROOT" >
      <Valve className="org.apache.catalina.valves.RemoteAddrValve"
             allow=".*" deny="" />
    </Context>

    <!-- Allow MIBBI area access from anyone -->
    <Context path="/mibbi" >
      <Valve className="org.apache.catalina.valves.RemoteAddrValve"
             allow=".*" deny="" />
    </Context>
<<<SNIP

With the above settings in place I try to access the server from another 'untrusted' machine (192.171.174.146) but I get the following results:

http://192.171.160.186:8080/ - access denied (!)
http://192.171.160.186:8080/manager/html - access granted (!)
http://192.171.160.186:8080/exist - access granted (!)
http://192.171.160.186:8080/mibbi - access granted

So I have only succeeded in blocking access to the front page, which is one of the two areas I wanted to leave unblocked. I've tried several permutations on the above, but with no more joy.
Can anyone suggest a correct configuration, or an alternative way of getting what I want?

Many thanks in advance,

TIM

--
Tim Booth <[EMAIL PROTECTED]>
NEBC at CEH Oxford
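
Added example (not part of the original message, and not Tomcat's own code): a small Python model of how a request URI is mapped to a context and how a RemoteAddrValve with comma-separated regular-expression patterns decides, run against the layout posted above. It assumes /manager and /exist are deployed as separate contexts that carry no valve; PER_CONTEXT and ESCAPED_ALLOW are hypothetical names for an alternative layout.

```python
import re

# Allow list exactly as posted (unescaped dots) and a stricter escaped form.
POSTED_ALLOW = "127.0.0.1,192.171.160.155,192.171.160.186"
ESCAPED_ALLOW = r"127\.0\.0\.1,192\.171\.160\.155,192\.171\.160\.186"

def valve_allows(addr, allow="", deny=""):
    """Decision order of RemoteAddrValve: deny patterns, then allow patterns."""
    denies = [p for p in deny.split(",") if p]
    allows = [p for p in allow.split(",") if p]
    if any(re.fullmatch(p, addr) for p in denies):
        return False
    if any(re.fullmatch(p, addr) for p in allows):
        return True
    # Only deny patterns configured: whatever was not denied passes.
    return bool(denies) and not allows

def context_for(uri, contexts):
    """Longest context path that prefixes the URI; "" is the root web app."""
    hits = [p for p in contexts if uri == p or uri.startswith(p + "/")]
    return max(hits, key=len)

def access(uri, addr, contexts):
    """True if the request reaches the web app, False if the valve answers 403."""
    valve = contexts[context_for(uri, contexts)]
    return True if valve is None else valve_allows(addr, **valve)

# Layout from the message. Assumption: /manager and /exist are separate
# contexts with no valve of their own.
POSTED = {
    "": {"allow": POSTED_ALLOW, "deny": ""},
    "/ROOT": {"allow": ".*", "deny": ""},
    "/mibbi": {"allow": ".*", "deny": ""},
    "/manager": None,
    "/exist": None,
}
# Hypothetical alternative: the valve sits on each context to be restricted.
PER_CONTEXT = {
    "": None,
    "/mibbi": None,
    "/manager": {"allow": ESCAPED_ALLOW},
    "/exist": {"allow": ESCAPED_ALLOW},
}

if __name__ == "__main__":
    for uri in ("/", "/manager/html", "/exist", "/mibbi"):
        print(uri, access(uri, "192.171.174.146", POSTED),
              access(uri, "192.171.174.146", PER_CONTEXT))
```

In the per-context layout any web app without its own valve stays open, so it is an allow-by-default arrangement rather than the default-deny rule that item 3 asks for.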