I'm trying to block all traffic within Tomcat except two IPs. I found out that I can do that within the server.xml file, so I have this:
<Host name="localhost" appBase="webapps"
      unpackWARs="true" autoDeploy="true">
  <!-- SingleSignOn valve, share authentication between web applications
       Documentation at: /docs/config/valve.html -->
  <!--
  <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
  -->
  <!-- Access log processes all example.
       Documentation at: /docs/config/valve.html
       Note: The pattern used is equivalent to using pattern="common" -->
  <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
         prefix="localhost_access_log" suffix=".txt"
         pattern="%h %l %u %t &quot;%r&quot; %s %b" />
  <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="192.168.1.2" />
</Host>
This is working, but now I want two IPs to be allowed, so I tried the following two options that I found on the internet:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="192.168.1.2,192.168.1.22" />
and
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="192\.168\.1\.\2|192\.168\.1\.22" />
But neither is working. What am I doing wrong here?
I'm using Tomcat version 8.5.46.0 on Red Hat.
Try the following, it should work:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="192.168.1.2|192.168.1.22" deny=""/>
Since Tomcat 7 the IPs should not be separated by commas; instead you should use a pipe | and no backslashes.
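The allow values from the question and the answer can be checked offline before editing server.xml. This is an added example, not part of the original posts: it assumes the valve compares the whole remote address against the allow value as a single java.util.regex pattern, and the class name AllowPatternCheck and the sample addresses are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

public class AllowPatternCheck {

    // Full-match comparison (assumed valve behaviour): the entire address
    // must match the pattern, a matching substring is not enough.
    static String check(String allowValue, String remoteAddr) {
        try {
            boolean ok = Pattern.compile(allowValue).matcher(remoteAddr).matches();
            return ok ? "allowed" : "denied";
        } catch (PatternSyntaxException e) {
            return "invalid pattern";
        }
    }

    public static void main(String[] args) {
        // allow values copied verbatim from the question and the answer.
        Map<String, String> candidates = new LinkedHashMap<>();
        candidates.put("single IP (question)", "192.168.1.2");
        candidates.put("comma-separated (question)", "192.168.1.2,192.168.1.22");
        candidates.put("backslash attempt (question)", "192\\.168\\.1\\.\\2|192\\.168\\.1\\.22");
        candidates.put("pipe-separated (answer)", "192.168.1.2|192.168.1.22");

        // Constructed sample addresses: the two intended clients and two
        // addresses that an allow list for those clients should refuse.
        String[] addrs = {"192.168.1.2", "192.168.1.22", "192.168.1.222", "10.0.0.5"};

        for (Map.Entry<String, String> c : candidates.entrySet()) {
            System.out.printf("%s: allow=\"%s\"%n", c.getKey(), c.getValue());
            for (String addr : addrs) {
                System.out.printf("    %-15s -> %s%n", addr, check(c.getValue(), addr));
            }
        }
    }
}
```

Because the comma-separated value is read as one pattern that would have to match a single address in full, neither client address satisfies it; the pipe acts as regex alternation, so each side is tried against the address separately.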