Tomcat Valve 设置 [英] Tomcat Valve settings

问题描述

我认为我遇到了某种配置问题.我需要保护一个文件夹，它位于我的实际 tomcat 应用程序中，可从一定的 IP 范围.

I'm stuck with sort of a configuration issue I think. I need to protect a folder which is within my actual tomcat application from access from a certain IP range.

我以为这是serverfault，所以我发布了问题那里.现在我不确定这是 SO 还是 SF...

I thought this was serverfault, so I posted the question there. Right now I'm not sure whether this is SO or SF anyways...

尽管如此，我还是继续尝试自己动手，并认为我需要设置

Nevertheless I kept on trying geting it going by myself and figured that I need to set the

org.apache.catalina.valves.RemoteAddrValve

对于我的那个文件夹.可悲的是，我无法到达我需要的地方环境.web.xml、server.xml ?两个都试过，都没有成功.任何人都可以请帮我解决这个问题.

for that folder of mine. Sadly I just can't get where I need to make that setting. web.xml, server.xml ? Tried both, null success. Could anyone pls help me out on this.

tia

K

推荐答案

它应该在 server.xml 中的 元素中:

It should go inside your <Context> element in server.xml:

<Context
    path="/tcadmin"
    docBase="${catalina.home}/server/webapps/admin"
    privileged="true"
>
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
        allow="127.0.0.1"
    />
</Context>

请记住，字符串值是正则表达式模式，因此必须使用反斜杠对特殊的正则表达式字符(例如 dot(.) )进行转义.

Just remember, that the string values are regex patterns, so special regex characters ( e.g. dot(.) ) has to be escaped with backslashes.

EDIT:回复 OP 的评论.我认为您需要在您的网络应用程序中实现一个 FILTER 并将其配置为接受或根据他们的远程地址 IP 拒绝请求.可以从传递给 doFilter 方法的 ServletRequest 对象中检索远程地址.

EDIT: in reply to OP's comment. I think you need to implement a FILTER in your web app and configure it to accept or reject requests based on their remote address IP. Remote address can be retrieved from ServletRequest object passed into doFilter method.

您在 web.xml 文件中声明过滤器:

You declare a filter in your web.xml file:

<filter>
  <filter-name>GatekeeperFilter</filter-name>
  <filter-class>your.package.GatekeeperFilter</filter-class>
  <init-param>
    <param-name>allowedNetwork</param-name>
    <param-value>192.168.2.*</param-value>
  </init-param>
</filter>

<filter-mapping>
  <filter-name>GatekeeperFilter</filter-name>
  <url-pattern>/path/to/protected/folder</url-pattern>
</filter-mapping>

阅读有关接受初始化参数需要做什么的链接文章.我认为对于您的决定，您可以无耻地从 RequestDumperValve 复制代码.

Read the linked article about what need to be done to accept init parameters. I think for your decision making you can shamelessly copy the code from the RequestDumperValve.

这篇关于Tomcat Valve 设置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！