How to restrict access by IP address with Tomcat?

Does anyone know if Tomcat can restrict ac开发者_如何学Pythoncess to certain application by IP address (like Apache's .htaccess)?

You add a Valve to the Context in context.xml (specifically, org.apache.catalina.valves.RemoteAddrValve). See the docs on Remote Host Filters.

This is an example:

in \apache-tomcat-7.0.33\conf\server.xml:

<Engine name="Catalina" defaultHost="localhost">
    ...
    ...
    ...
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
        allow="10\.132\.77\.55|10\.132\.76\.120|10\.132\.77\.47"/>
    ...
</Engine>

In Tomcat 7, you can configure it in the web.xml.

If it's for all web apps, you can configure it in tomcat7/conf/web.xml, if it is just for one web app, you can configure it in the tomcat7/webapps/$(WEB_APP)/WEB-INF/web.xml, it's very convenient.

The configuration uses a RemoteAddrFilter filter, there is an example in Container Provided Filters.

To set up access restriction to your web-application for the certain IP addresses, add the following strings to /opt/tomcat/webapps/{web-application name}/META-INF/context.xml file:

<Context antiJARLocking="true" path="/">
 <Valve className="org.apache.catalina.valves.RemoteIpValve" />
 <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="{IP_address}" />
</Context>

Here is the instruction how to do this via Jelastic panel. Be sure to restart your Tomcat for the changes to take effect.

in Tomcat 9,you can configure it in path:apache-tomcat-9.0.14\webapps\manager\META-INF\context.xml