NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator's Guide

ManualsBrandsHP ManualsServerHP Integrity NonStop J-Series

381

382

383

384

385

386

387

388

389

390

Security Considerations

NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator’s Guide—596210-006

8-34

Remote Address Filter

The Remote Address Filter valve compares the IP address of the host that sends a

request against one or more regular expressions, and either allows the request to

continue or refuses to process the request from the host. You can associate a Remote

Address Filter with any Catalina container (Engine, Host, or Context). The Remote

Address Filter must accept any request presented to the associated container for

processing before passing on the request.

Table 8-10 lists the attributes that can be used to configure a Remote Address Filter

valve.

Table 8-9. Remote Host Filter Attributes

Attribute Description

classname Specifies the Java class name for this valve. You must set this attribute

to org.apache.catalina.valves.RemoteHostValve.

allow Specifies a comma-separated list of regular expression patterns with

which the remote hostname is compared. If you specify this attribute,

the hostname from an incoming request must match an expression for

the request to be accepted. If you do not specify this attribute, all

requests are accepted unless the remote hostname matches a deny

pattern.

deny Specifies a comma-separated list of regular expression patterns with

which the remote hostname is compared. If you specify this attribute,

the hostname from an incoming request must not match any expression

for the request to be accepted. If you do not specify this attribute, all

requests are accepted based on the allow attribute.

Table 8-10. Remote Address Filter Attributes

Attribute Description

classname Specifies the Java class name for this valve. You must set this attribute

to org.apache.catalina.valves.RemoteAddrValve.

allow Specifies a comma-separated list of regular expression patterns with

which the remote client’s IP address is compared. If you specify this

attribute, the remote client’s IP address from an incoming request must

match an expression for the request to be accepted. If you do not

specify this attribute, all requests are accepted unless the remote

client’s IP address matches the deny pattern.

deny Specifies a comma-separated list of regular expression patterns with

which the remote client’s IP address is compared. If you specify this

attribute, the remote client’s IP address from an incoming request must

not match any expression for the request to be accepted. If you do not

specify this attribute, all requests are accepted based on the allow

attribute.