I am successfully able to access my webapp using the external IP for my server. However I would now like to restrict access to the server by IP.
I have added the following in conf/server.xml:
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" resolveHosts="true"/>
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\\.0\\.0\\.1|192\\.*\\.*\\.*|0\\.*\\.*\\.*|<my external machine ip>" deny=""/>
However i still cant access the webapp from my . If i remove the RemoveAddrValue block then i can access the webapp from the external machine.
I am using apache-tomcat-7.0.47
How can i restrict external access via IP. Is this the correct approach?
Best Answer
I would use a different approach. Either use a firewall (this is the best method unless you need the web server to be accessable but the appserver to be not), or use Apache's own controls Allow and Deny.