Tomcat Valve Survival Guide


Tomcat Manager

To protect access to it, we can use Tomcat Valves (introduced with Tomcat 4).

The access log valve

It creates log files to track client access information.
Some of the content that it tracks includes page hit counts, user session activity, user authentication information, and much more. The Access Log valve can be associated with an engine, host, or context container.

<Valve 
  className="org.apache.catalina.valves.AccessLogValve" 
  directory="logs" 
  prefix="localhost_access_log." 
  suffix=".txt" 
  pattern="common"
/>

This code snippet states that the log files will be placed in the $CATALINA_HOME/logs directory, with file names that start with the prefix localhost_access_log. and end with the .txt suffix.

The Remote Address Filter

The Remote Address filter, org.apache.catalina.valves.RemoteAddrValve, allows you to compare the IP address of the requesting client against one or more regular expressions to either allow or prevent the request from continuing based on the results of this comparison. A Remote Address filter can be associated with a Tomcat Engine, Host, or Context container.

<Valve 
  className="org.apache.catalina.valves.RemoteAddrValve" 
  deny="127.*" 
/>

This valve entry denies access to the assigned container for all client IP addresses that begin with 127. If I assign this valve entry to the host container localhost, then all clients with an IP address beginning with 127 will see an HTTP status 403 – Forbidden page.

The Remote Host Filter

The Remote Host filter, org.apache.catalina.valves.RemoteHostValve, is much like the RemoteAddrValve, except that it compares the remote host name of the client that submitted the request instead of its IP address. A Remote Host filter can be associated with a Tomcat Engine, Host, or Context container. An example entry using the org.apache.catalina.valves.RemoteHostValve can be found in the following code snippet.

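<!-- Current Tomcat releases match deny as a regular expression against the
     whole hostname, so "virtuas.*" covers every name beginning with virtuas -->
<Valve 
  className="org.apache.catalina.valves.RemoteHostValve" 
  deny="virtuas.*"
/>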

This valve entry denies access to the assigned container for all client hostnames beginning with virtuas. If I assign this valve entry to the host container localhost, then all clients whose hostname begins with virtuas will see a 403 – Forbidden page.
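The allow/deny decision behind the two filters above, as an added example that is not part of the original page and not Tomcat's own code: a simplified Java model for trying out patterns before they go into server.xml. It assumes current Tomcat behaviour (each attribute is one java.util.regex pattern that must match the whole address or hostname, and deny is checked before allow); the class name, helper names and sample values are constructed for illustration.

```java
import java.util.regex.Pattern;

// Simplified model of the RemoteAddrValve / RemoteHostValve decision.
// Assumption: deny is evaluated before allow, and a pattern only counts
// when it matches the complete address or hostname.
public class ValvePatternCheck {

    // deny / allow may be null, meaning the attribute is not configured
    static boolean isAllowed(String deny, String allow, String value) {
        if (deny != null && Pattern.matches(deny, value)) {
            return false;                      // deny wins over allow
        }
        if (allow != null && Pattern.matches(allow, value)) {
            return true;
        }
        // Only deny configured: anything not denied passes.
        // allow configured: anything not explicitly allowed is rejected.
        return deny != null && allow == null;
    }

    static void show(String deny, String allow, String value) {
        System.out.printf("deny=%-10s allow=%-45s %-22s -> %s%n",
                deny, allow, value,
                isAllowed(deny, allow, value) ? "pass" : "403");
    }

    public static void main(String[] args) {
        // Constructed sample addresses and hostnames, not real log data.
        show("127.*", null, "127.0.0.1");
        show("127.*", null, "192.168.1.20");

        // "s*" repeats only the letter s; ".*" is what means "anything after"
        show("virtuas*", null, "virtuas01.example.com");
        show("virtuas.*", null, "virtuas01.example.com");

        // Allow-list form: loopback only, with the dots escaped
        String loopback = "127\\.\\d+\\.\\d+\\.\\d+|::1|0:0:0:0:0:0:0:1";
        show(null, loopback, "127.0.0.1");
        show(null, loopback, "10.0.0.5");
    }
}
```

RemoteHostValve is only handed a hostname when the Connector has enableLookups="true"; without DNS lookups it receives the IP address as a string, so hostname patterns never match.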


Copyright © 2024 My linux world - by Marc RABAHI