2021-06-18

tomcat若前面有proxy,但又有阻擋ip的需求

 tomcat若前面有proxy,但又有阻擋ip的需求,可以如下設定
(假設ip放在X-Forwarded-For裡):

<Valve className="org.apache.catalina.valves.RemoteIpValve"

        remoteIpHeader="X-Forwarded-For" 

        requestAttributesEnabled="true" />

<Valve className="org.apache.catalina.valves.RemoteAddrValve"

   deny="1\.2\.3\.\d+|5\.5\.\d+\.\d+" />


REF:
https://tomcat.apache.org/tomcat-8.0-doc/config/valve.html#Proxies_Support
https://stackoverflow.com/questions/33495416/restrict-access-to-tomcat-manager-by-ip