Aleph: How to configure Tomcat to accept requests from specific IP addresses only
- Product: Aleph
- Product Version: 22, 23
- Relevant for Installation Type: Dedicated-Direct, Direct, Local, Total Care
Description
Configure Tomcat, the web server and servlet container, so that it accepts HTTP requests from specific IP addresses only.
Resolution
(1)
Log on to the Aleph server as UNIX user aleph.
(2)
Stop Tomcat by executing the Aleph utility util_w_2_7_1.
(3)
In the template file $aleph_dev/ng/aleph/home/profile/overwrites/thirdparty/tomcat/conf/server.xml.tmpl ,
define a Remote Address Filter by adding the element
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="<regex_for_IP_addresses>"/>
before the end tag </Host> at the bottom of the file.
Important note:
===============
One needs to specify the value of the parameter "allow" as a regular expression.
Example:
If Tomcat should accept HTTP requests from the IP addresses 127.0.0.1 and 10.1.49.40 only
then the Remote Address Filter needs to be defined as follows:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1|10\.1\.49\.40"/>
For more information please consult the section "Remote Address Filter" in the Tomcat documentation (http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Remote_Address_Filter).
(4)
Execute the script $aleph_dev/ng/aleph/home/system/bin/set_globals.sh:
$ jbin
$ ./set_globals.sh
The script set_globals.sh creates the file $aleph_dev/ng/aleph/home/system/thirdparty/tomcat/conf/server.xml
from the template file $aleph_dev/ng/aleph/home/profile/overwrites/thirdparty/tomcat/conf/server.xml.tmpl.
For a detailed explanation please see the section "Additional Information" below.
(5)
Start Tomcat by executing the Aleph utility util_w_3_7_9.
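A way to check the generated server.xml before starting Tomcat, as an added example that is not part of the original article or of Aleph: it reads the "allow" value of the Remote Address Filter and tests sample addresses against it. It assumes Python's re.fullmatch behaves like Tomcat's whole-address match for simple patterns such as the one in step (3); the sample XML, the test addresses and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

VALVE_CLASS = "org.apache.catalina.valves.RemoteAddrValve"

# Constructed sample: minimal server.xml holding the valve from the article's example.
SAMPLE_SERVER_XML = r"""<Server>
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps">
        <Valve className="org.apache.catalina.valves.RemoteAddrValve"
               allow="127\.0\.0\.1|10\.1\.49\.40"/>
      </Host>
    </Engine>
  </Service>
</Server>"""

# Constructed test matrix: address -> should Tomcat accept it?
EXPECTED = {
    "127.0.0.1": True,
    "10.1.49.40": True,
    "10.1.49.41": False,        # neighbouring host
    "10.1.49.400": False,       # allowed address as a prefix only
    "110.1.49.40": False,       # allowed address as a suffix only
    "0:0:0:0:0:0:0:1": False,   # IPv6 loopback is not covered by this pattern
}

def allow_patterns(server_xml):
    """Return the allow attribute of every RemoteAddrValve in the XML text."""
    root = ET.fromstring(server_xml)
    return [v.get("allow") for v in root.iter("Valve")
            if v.get("className") == VALVE_CLASS and v.get("allow")]

def is_allowed(pattern, addr):
    """Assumption: the whole address must match, as with Java's Matcher.matches()."""
    return re.fullmatch(pattern, addr) is not None

def mismatches(pattern, expected):
    """List (address, wanted, actual) for every address that behaves unexpectedly."""
    return [(a, want, is_allowed(pattern, a))
            for a, want in expected.items() if is_allowed(pattern, a) != want]

if __name__ == "__main__":
    for pattern in allow_patterns(SAMPLE_SERVER_XML):
        bad = mismatches(pattern, EXPECTED)
        print(pattern, "OK" if not bad else bad)
```

To check a real installation, pass the contents of the generated server.xml to allow_patterns instead of the sample, and adjust the test matrix to the addresses that must and must not reach Tomcat.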
Additional Information
Explanation:
The script set_globals.sh copies the template file $aleph_dev/ng/aleph/home/profile/overwrites/thirdparty/tomcat/conf/server.xml.tmpl
to the pathname $aleph_dev/ng/aleph/home/system/thirdparty/tomcat/conf/server.xml .
Then the script replaces the placeholders
@@http.port@@
@@http.connectiontimeout@@
@@jndi.port@@
in the file server.xml with the corresponding values given in the file $aleph_dev/ng/aleph/home/profile/global.properties .
This implies that any manual changes in the file server.xml will be overwritten the next time one executes the script set_globals.sh.
To make permanent any changes that go beyond the three parameters given above, one needs to change the template file server.xml.tmpl and then execute the script set_globals.sh.
- Article last edited: 5-Apr-2016