And if you want to deny from only one ip and allow all other ip's use the following For. I would suggest using the default tomcat valves or servlet filters in your application if that solves your problem. The reason we needed a custom valve was that some parts of the tomcat management application Psi-Probe would 'leak out' even though we used the RemoteAddrValve in the element of the application. We want to prevent any dircect access to JBoss. All requests should come through our httpd AJP proxy. We've tried RemoteAddrValve and RemoteHostValve, but they block all requests through the proxy still even though it should allow requests from the httpd ip. Tomcat 7 - RemoteAddrValve comma separated IP Address Failure. Greenhorn Posts: 14. Posted 10 years ago. Number of slices to send: Optional 'thank-you' note: Send. Hi When I put into my server.xml the line below all works fine & I can access my server from that specified ip address. When the RemoteAddrValve denies a request, no message is logged, and no explanation appears in the generated HTML page. There needs to be some indication that the RemoteAddrValve is involved so the admin isn't sent on a wild goose chase. Comment 1 Mark Thomas 2015-03-14 14:26:47 UTC.
Remoteaddrvalve Allow All
I'm looking for instructions on how to use RemoteAddrValve to protect web applications at the context level.
Using JBoss 4.0.2, two HTTP connectors - one LAN one Internet.
10.254.251.20:9006 & a.b.c.d:80
I want to allow access to the web-console, jmx, etc., and a custom admin console web-app from the LAN (remote-address will be 10.254.*) but disable it for Internet remote clients.
I've looked at Wiki articles and the Admin docs; they talk about it being possible at the Tomcat container level and simply link to Tomcat docs.
Following the instructions in those docs to create a per-context XML configuration hasn't met with success so far.
I tried adding a context.xml to jboss/server/all/work/localhost/web-console/
<Valve className='org.apache.catalina.valves.RemoteHostValve' allow='10.254.*.*' deny '*' / >
But it doesn't seem to be used.