<Context antiJARLocking="true" path="/"> <Valve className="org.apache.catalina.valves.RemoteIpValve" /> <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="{IP_address}" /> </Context>
Actually, since HTTP is based on a TCP connection, I don't know that you can say that IP addresses can be spoofed in the web context.
On 01/18/2014 09:59 PM, John List wrote:
On 01/18/2014 06:45 PM, Jeff Dyke wrote:
Remember that IPs are easily spoofed.
(IP addresses can be spoofed, but that's not a security problem in a web context since any response from the web server will be directed to the spoofed IP address, not the one that spoofed it.)
but we all do it, and the access restrictions are so much cleaner, as well as other things in apache2.4, so if you can i'd upgrade. You're obviously building these as VHosts, so they can go int the virutual host container, but you want this page: http://httpd.apache.org/docs/2.2/howto/access.html and http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow
In Apache 2.2
Order allow, denyAllow from 172.168.10
Each vhost can do this in a separate <Directory /myapp/my-test1/demo/> block but does not seem useful . I would keep this out of Tomcat, but thats just me.
Again, if you have the ability upgrade to 2.4, disable mod_compatibility and use the require all syntax, it will take more work, but apache has come a long way sing 2.2.
On Sat, Jan 18, 2014 at 2:46 PM, Dev Raj <devaraj.takhellambam@xxxxxxxxx> wrote:
Hi,
I have Apache 2.2 installed on my Unix Server and have a couple of Application servers running each of them having similar Document Root.
For example,
The URLS will look like below
https://my-test1.com/demo/index.html
https://my-prod1.com/demo/index.html
https://my-qa1.com/demo/index.html
The directory(Tomcat) folder looks like
/myapp/my-test1/demo/index.html
/myapp/my-prod1/demo/index.html
/myapp/my-qa1/demo/index.html
I would like to restrict access to the above prod1 URL for a specific set of IP's. How can I achieve this. Please tell.
--
Regards,
Devaraj