Posted to dev@tomcat.apache.org by rj...@apache.org on 2014/11/30 17:43:23 UTC

svn commit: r1642564 - in /tomcat/trunk: java/org/apache/catalina/valves/RemoteAddrValve.java java/org/apache/catalina/valves/RemoteHostValve.java test/org/apache/catalina/valves/TestRequestFilterValve.java webapps/docs/config/valve.xml

Author: rjung
Date: Sun Nov 30 16:43:23 2014
New Revision: 1642564

URL: http://svn.apache.org/r1642564
Log:
Add optional use of connector port in allow
and deny expressions for RemoteAddrValve
and RemoteHostValve.

For example one can let everybody access the
HTTPS connector but restrict access to HTTP
to localhost or a monitoring client.

Modified:
    tomcat/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java
    tomcat/trunk/java/org/apache/catalina/valves/RemoteHostValve.java
    tomcat/trunk/test/org/apache/catalina/valves/TestRequestFilterValve.java
    tomcat/trunk/webapps/docs/config/valve.xml

Modified: tomcat/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java?rev=1642564&r1=1642563&r2=1642564&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java (original)
+++ tomcat/trunk/java/org/apache/catalina/valves/RemoteAddrValve.java Sun Nov 30 16:43:23 2014
@@ -27,12 +27,47 @@ import org.apache.catalina.connector.Res
 
 /**
  * Concrete implementation of <code>RequestFilterValve</code> that filters
- * based on the string representation of the remote client's IP address.
+ * based on the string representation of the remote client's IP address
+ * optionally combined with the server port number.
  *
  * @author Craig R. McClanahan
  */
 public final class RemoteAddrValve extends RequestFilterValve {
 
+    // ----------------------------------------------------- Instance Variables
+
+    /**
+     * Flag deciding whether we add the server port to the property
+     * compared in the filtering method. The port will be appended
+     * using a "," as a separator.
+     */
+    protected volatile boolean addLocalPort = false;
+
+    // ------------------------------------------------------------- Properties
+
+
+    /**
+     * Get the flag deciding whether we add the server port to the
+     * property compared in the filtering method. The port will be appended
+     * using a "," as a separator.
+     */
+    public boolean getAddLocalPort() {
+        return addLocalPort;
+    }
+
+
+    /**
+     * Set the flag deciding whether we add the server port to the
+     * property compared in the filtering method. The port will be appended
+     * using a "," as a separator.
+     *
+     * @param addLocalPort The new flag
+     */
+    public void setAddLocalPort(boolean addLocalPort) {
+        this.addLocalPort = addLocalPort;
+    }
+
+
     // --------------------------------------------------------- Public Methods
 
     /**
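Review bot: The new field `addLocalPort` is declared `protected` although `RemoteAddrValve` is `final`, so the wider visibility buys nothing; `private volatile boolean addLocalPort = false;` is enough. The field, getter and setter are repeated verbatim in the RemoteHostValve hunk of this commit, and the test helper `oneTest` needs an `instanceof` chain to reach the setter; declaring the property once in `RequestFilterValve` would presumably remove both. The getter's Javadoc also lacks an `@return` line. The class body continues outside the hunk.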
@@ -51,7 +86,13 @@ public final class RemoteAddrValve exten
     public void invoke(Request request, Response response)
         throws IOException, ServletException {
 
-        process(request.getRequest().getRemoteAddr(), request, response);
+        String property;
+        if (addLocalPort) {
+            property = request.getRequest().getRemoteAddr() + "," + request.getConnector().getPort();
+        } else {
+            property = request.getRequest().getRemoteAddr();
+        }
+        process(property, request, response);
 
     }
 }
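Review bot: Turning on `addLocalPort` silently disables every existing `deny` expression that has no `,PORT` part, because `property` in `invoke` then always ends in `,<port>`; the test matrix in this commit expects exactly that (the deny-only rows under "addLocalPort but port not in pattern" expect the request to be allowed). Nothing in the Javadoc says so, so I would add to `setAddLocalPort`: `When enabled, every allow and deny expression must include the ",PORT" part; a deny expression without it stops matching.` The appended value is `request.getConnector().getPort()`, the connector's port rather than anything taken from the request, which is worth stating in the same comment since the flag is named "local port" and valve.xml writes the format as `ADDRESS-PORT` although the separator is a comma. The same applies to the `invoke` hunk of RemoteHostValve; `invoke` starts outside the hunk.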

Modified: tomcat/trunk/java/org/apache/catalina/valves/RemoteHostValve.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/RemoteHostValve.java?rev=1642564&r1=1642563&r2=1642564&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/valves/RemoteHostValve.java (original)
+++ tomcat/trunk/java/org/apache/catalina/valves/RemoteHostValve.java Sun Nov 30 16:43:23 2014
@@ -27,12 +27,47 @@ import org.apache.catalina.connector.Res
 
 /**
  * Concrete implementation of <code>RequestFilterValve</code> that filters
- * based on the remote client's host name.
+ * based on the remote client's host name optionally combined with the
+ * server port number.
  *
  * @author Craig R. McClanahan
  */
 public final class RemoteHostValve extends RequestFilterValve {
 
+    // ----------------------------------------------------- Instance Variables
+
+    /**
+     * Flag deciding whether we add the server port to the property
+     * compared in the filtering method. The port will be appended
+     * using a "," as a separator.
+     */
+    protected volatile boolean addLocalPort = false;
+
+    // ------------------------------------------------------------- Properties
+
+
+    /**
+     * Get the flag deciding whether we add the server port to the
+     * property compared in the filtering method. The port will be appended
+     * using a "," as a separator.
+     */
+    public boolean getAddLocalPort() {
+        return addLocalPort;
+    }
+
+
+    /**
+     * Set the flag deciding whether we add the server port to the
+     * property compared in the filtering method. The port will be appended
+     * using a "," as a separator.
+     *
+     * @param addLocalPort The new flag
+     */
+    public void setAddLocalPort(boolean addLocalPort) {
+        this.addLocalPort = addLocalPort;
+    }
+
+
     // --------------------------------------------------------- Public Methods
 
     /**
@@ -51,7 +86,13 @@ public final class RemoteHostValve exten
     public void invoke(Request request, Response response)
         throws IOException, ServletException {
 
-        process(request.getRequest().getRemoteHost(), request, response);
+        String property;
+        if (addLocalPort) {
+            property = request.getRequest().getRemoteHost() + "," + request.getConnector().getPort();
+        } else {
+            property = request.getRequest().getRemoteHost();
+        }
+        process(property, request, response);
 
     }
 }

Modified: tomcat/trunk/test/org/apache/catalina/valves/TestRequestFilterValve.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/valves/TestRequestFilterValve.java?rev=1642564&r1=1642563&r2=1642564&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/valves/TestRequestFilterValve.java (original)
+++ tomcat/trunk/test/org/apache/catalina/valves/TestRequestFilterValve.java Sun Nov 30 16:43:23 2014
@@ -26,6 +26,7 @@ import static org.junit.Assert.fail;
 
 import org.junit.Test;
 
+import org.apache.catalina.connector.Connector;
 import org.apache.catalina.connector.Request;
 import org.apache.catalina.connector.Response;
 
@@ -38,20 +39,24 @@ public class TestRequestFilterValve {
     private static final int FORBIDDEN = 403;
     private static final int CUSTOM    = 499;
 
-    private static final String ADDR_ALLOW_PAT        = "127\\..*";
-    private static final String ADDR_DENY_PAT         = ".*\\.1";
+    private static final String ADDR_ALLOW_PAT        = "127\\.\\d*\\.\\d*\\.\\d*";
+    private static final String ADDR_DENY_PAT         = "\\d*\\.\\d*\\.\\d*\\.1";
     private static final String ADDR_ONLY_ALLOW       = "127.0.0.2";
     private static final String ADDR_ONLY_DENY        = "192.168.0.1";
     private static final String ADDR_ALLOW_AND_DENY   = "127.0.0.1";
     private static final String ADDR_NO_ALLOW_NO_DENY = "192.168.0.2";
 
-    private static final String HOST_ALLOW_PAT        = "www\\.example\\..*";
+    private static final String HOST_ALLOW_PAT        = "www\\.example\\.[a-zA-Z0-9-]*";
     private static final String HOST_DENY_PAT         = ".*\\.org";
     private static final String HOST_ONLY_ALLOW       = "www.example.com";
     private static final String HOST_ONLY_DENY        = "host.example.org";
     private static final String HOST_ALLOW_AND_DENY   = "www.example.org";
     private static final String HOST_NO_ALLOW_NO_DENY = "host.example.com";
 
+    private static final int PORT = 8080;
+    private static final String PORT_MATCH_PATTERN    = ",\\d*";
+    private static final String PORT_NO_MATCH_PATTERN = ",8081";
+
 
     static class TerminatingValve extends ValveBase {
         @Override
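Review bot: The tightened patterns use `\\d*`, which also matches an empty string, so `ADDR_ALLOW_PAT` accepts `127...` and `PORT_MATCH_PATTERN` accepts a bare `,`; `\\d+` states the intent (`",\\d+"`, `"127\\.\\d+\\.\\d+\\.\\d+"`), as the existing valve.xml example already does for the octets. The reason for dropping the trailing `.*` is not recorded: a pattern ending in `.*` would still match once `,PORT` is appended, which is presumably why the "port not in pattern" cases needed stricter patterns. A one-line comment above the constants such as `// Patterns must not end in ".*", otherwise they also match the appended ",PORT"` would keep that visible.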
@@ -74,14 +79,19 @@ public class TestRequestFilterValve {
     }
 
     private void oneTest(String allow, String deny, boolean denyStatus,
+                         boolean addLocalPort,
                          String property, String type, boolean allowed) {
         // PREPARE
         RequestFilterValve valve = null;
+        Connector connector = new Connector();
         Request request = new Request();
         Response response = new MockResponse();
         StringBuilder msg = new StringBuilder();
         int expected = allowed ? OK : FORBIDDEN;
 
+        connector.setPort(PORT);
+        request.setConnector(connector);
+
         if (type == null) {
             fail("Invalid test with null type");
         }
@@ -115,6 +125,16 @@ public class TestRequestFilterValve {
                 expected = CUSTOM;
             }
         }
+        if (addLocalPort) {
+            if (valve instanceof RemoteAddrValve) {
+                ((RemoteAddrValve)valve).setAddLocalPort(true);
+            } else if (valve instanceof RemoteHostValve) {
+                ((RemoteHostValve)valve).setAddLocalPort(true);
+            } else {
+                fail("Can only set 'addLocalPort' for RemoteAddrValve and RemoteHostValve");
+            }
+            msg.append(" addLocalPort='true'");
+        }
 
         // TEST
         try {
@@ -133,23 +153,162 @@ public class TestRequestFilterValve {
                                String OnlyAllow, String OnlyDeny,
                                String AllowAndDeny, String NoAllowNoDeny,
                                String type) {
-        oneTest(null,      null,     false, AllowAndDeny,  type, false);
-        oneTest(allow_pat, null,     false, AllowAndDeny,  type, true);
-        oneTest(allow_pat, null,     false, NoAllowNoDeny, type, false);
-        oneTest(allow_pat, null,     true,  AllowAndDeny,  type, true);
-        oneTest(allow_pat, null,     true,  NoAllowNoDeny, type, false);
-        oneTest(null,      deny_pat, false, AllowAndDeny,  type, false);
-        oneTest(null,      deny_pat, false, NoAllowNoDeny, type, true);
-        oneTest(null,      deny_pat, true,  AllowAndDeny,  type, false);
-        oneTest(null,      deny_pat, true,  NoAllowNoDeny, type, true);
-        oneTest(allow_pat, deny_pat, false, NoAllowNoDeny, type, false);
-        oneTest(allow_pat, deny_pat, false, OnlyAllow,     type, true);
-        oneTest(allow_pat, deny_pat, false, OnlyDeny,      type, false);
-        oneTest(allow_pat, deny_pat, false, AllowAndDeny,  type, false);
-        oneTest(allow_pat, deny_pat, true,  NoAllowNoDeny, type, false);
-        oneTest(allow_pat, deny_pat, true,  OnlyAllow,     type, true);
-        oneTest(allow_pat, deny_pat, true,  OnlyDeny,      type, false);
-        oneTest(allow_pat, deny_pat, true,  AllowAndDeny,  type, false);
+        String apat;
+        String dpat;
+
+        // Test without ports
+        apat = allow_pat;
+        dpat = deny_pat;
+        oneTest(null, null, false, false, AllowAndDeny,  type, false);
+        oneTest(null, null, true,  false, AllowAndDeny,  type, false);
+        oneTest(apat, null, false, false, AllowAndDeny,  type, true);
+        oneTest(apat, null, false, false, NoAllowNoDeny, type, false);
+        oneTest(apat, null, true,  false, AllowAndDeny,  type, true);
+        oneTest(apat, null, true,  false, NoAllowNoDeny, type, false);
+        oneTest(null, dpat, false, false, AllowAndDeny,  type, false);
+        oneTest(null, dpat, false, false, NoAllowNoDeny, type, true);
+        oneTest(null, dpat, true,  false, AllowAndDeny,  type, false);
+        oneTest(null, dpat, true,  false, NoAllowNoDeny, type, true);
+        oneTest(apat, dpat, false, false, NoAllowNoDeny, type, false);
+        oneTest(apat, dpat, false, false, OnlyAllow,     type, true);
+        oneTest(apat, dpat, false, false, OnlyDeny,      type, false);
+        oneTest(apat, dpat, false, false, AllowAndDeny,  type, false);
+        oneTest(apat, dpat, true,  false, NoAllowNoDeny, type, false);
+        oneTest(apat, dpat, true,  false, OnlyAllow,     type, true);
+        oneTest(apat, dpat, true,  false, OnlyDeny,      type, false);
+        oneTest(apat, dpat, true,  false, AllowAndDeny,  type, false);
+
+        // Test with port in pattern but forgotten "addLocalPort"
+        apat = allow_pat + PORT_MATCH_PATTERN;
+        dpat = deny_pat + PORT_MATCH_PATTERN;
+        oneTest(null, null, false, false, AllowAndDeny,  type, false);
+        oneTest(null, null, true,  false, AllowAndDeny,  type, false);
+        oneTest(apat, null, false, false, AllowAndDeny,  type, false);
+        oneTest(apat, null, false, false, NoAllowNoDeny, type, false);
+        oneTest(apat, null, true,  false, AllowAndDeny,  type, false);
+        oneTest(apat, null, true,  false, NoAllowNoDeny, type, false);
+        oneTest(null, dpat, false, false, AllowAndDeny,  type, true);
+        oneTest(null, dpat, false, false, NoAllowNoDeny, type, true);
+        oneTest(null, dpat, true,  false, AllowAndDeny,  type, true);
+        oneTest(null, dpat, true,  false, NoAllowNoDeny, type, true);
+        oneTest(apat, dpat, false, false, NoAllowNoDeny, type, false);
+        oneTest(apat, dpat, false, false, OnlyAllow,     type, false);
+        oneTest(apat, dpat, false, false, OnlyDeny,      type, false);
+        oneTest(apat, dpat, false, false, AllowAndDeny,  type, false);
+        oneTest(apat, dpat, true,  false, NoAllowNoDeny, type, false);
+        oneTest(apat, dpat, true,  false, OnlyAllow,     type, false);
+        oneTest(apat, dpat, true,  false, OnlyDeny,      type, false);
+        oneTest(apat, dpat, true,  false, AllowAndDeny,  type, false);
+
+        // Test with "addLocalPort" but port not in pattern
+        apat = allow_pat;
+        dpat = deny_pat;
+        oneTest(null, null, false, true, AllowAndDeny,  type, false);
+        oneTest(null, null, true,  true, AllowAndDeny,  type, false);
+        oneTest(apat, null, false, true, AllowAndDeny,  type, false);
+        oneTest(apat, null, false, true, NoAllowNoDeny, type, false);
+        oneTest(apat, null, true,  true, AllowAndDeny,  type, false);
+        oneTest(apat, null, true,  true, NoAllowNoDeny, type, false);
+        oneTest(null, dpat, false, true, AllowAndDeny,  type, true);
+        oneTest(null, dpat, false, true, NoAllowNoDeny, type, true);
+        oneTest(null, dpat, true,  true, AllowAndDeny,  type, true);
+        oneTest(null, dpat, true,  true, NoAllowNoDeny, type, true);
+        oneTest(apat, dpat, false, true, NoAllowNoDeny, type, false);
+        oneTest(apat, dpat, false, true, OnlyAllow,     type, false);
+        oneTest(apat, dpat, false, true, OnlyDeny,      type, false);
+        oneTest(apat, dpat, false, true, AllowAndDeny,  type, false);
+        oneTest(apat, dpat, true,  true, NoAllowNoDeny, type, false);
+        oneTest(apat, dpat, true,  true, OnlyAllow,     type, false);
+        oneTest(apat, dpat, true,  true, OnlyDeny,      type, false);
+        oneTest(apat, dpat, true,  true, AllowAndDeny,  type, false);
+
+        // Test "addLocalPort" and with port matching in both patterns
+        apat = allow_pat + PORT_MATCH_PATTERN;
+        dpat = deny_pat + PORT_MATCH_PATTERN;
+        oneTest(null, null, false, true, AllowAndDeny,  type, false);
+        oneTest(null, null, true,  true, AllowAndDeny,  type, false);
+        oneTest(apat, null, false, true, AllowAndDeny,  type, true);
+        oneTest(apat, null, false, true, NoAllowNoDeny, type, false);
+        oneTest(apat, null, true,  true, AllowAndDeny,  type, true);
+        oneTest(apat, null, true,  true, NoAllowNoDeny, type, false);
+        oneTest(null, dpat, false, true, AllowAndDeny,  type, false);
+        oneTest(null, dpat, false, true, NoAllowNoDeny, type, true);
+        oneTest(null, dpat, true,  true, AllowAndDeny,  type, false);
+        oneTest(null, dpat, true,  true, NoAllowNoDeny, type, true);
+        oneTest(apat, dpat, false, true, NoAllowNoDeny, type, false);
+        oneTest(apat, dpat, false, true, OnlyAllow,     type, true);
+        oneTest(apat, dpat, false, true, OnlyDeny,      type, false);
+        oneTest(apat, dpat, false, true, AllowAndDeny,  type, false);
+        oneTest(apat, dpat, true,  true, NoAllowNoDeny, type, false);
+        oneTest(apat, dpat, true,  true, OnlyAllow,     type, true);
+        oneTest(apat, dpat, true,  true, OnlyDeny,      type, false);
+        oneTest(apat, dpat, true,  true, AllowAndDeny,  type, false);
+
+        // Test "addLocalPort" and with port not matching in both patterns
+        apat = allow_pat + PORT_NO_MATCH_PATTERN;
+        dpat = deny_pat + PORT_NO_MATCH_PATTERN;
+        oneTest(null, null, false, true, AllowAndDeny,  type, false);
+        oneTest(null, null, true,  true, AllowAndDeny,  type, false);
+        oneTest(apat, null, false, true, AllowAndDeny,  type, false);
+        oneTest(apat, null, false, true, NoAllowNoDeny, type, false);
+        oneTest(apat, null, true,  true, AllowAndDeny,  type, false);
+        oneTest(apat, null, true,  true, NoAllowNoDeny, type, false);
+        oneTest(null, dpat, false, true, AllowAndDeny,  type, true);
+        oneTest(null, dpat, false, true, NoAllowNoDeny, type, true);
+        oneTest(null, dpat, true,  true, AllowAndDeny,  type, true);
+        oneTest(null, dpat, true,  true, NoAllowNoDeny, type, true);
+        oneTest(apat, dpat, false, true, NoAllowNoDeny, type, false);
+        oneTest(apat, dpat, false, true, OnlyAllow,     type, false);
+        oneTest(apat, dpat, false, true, OnlyDeny,      type, false);
+        oneTest(apat, dpat, false, true, AllowAndDeny,  type, false);
+        oneTest(apat, dpat, true,  true, NoAllowNoDeny, type, false);
+        oneTest(apat, dpat, true,  true, OnlyAllow,     type, false);
+        oneTest(apat, dpat, true,  true, OnlyDeny,      type, false);
+        oneTest(apat, dpat, true,  true, AllowAndDeny,  type, false);
+
+        // Test "addLocalPort" and with port matching only in allow
+        apat = allow_pat + PORT_MATCH_PATTERN;
+        dpat = deny_pat + PORT_NO_MATCH_PATTERN;
+        oneTest(null, null, false, true, AllowAndDeny,  type, false);
+        oneTest(null, null, true,  true, AllowAndDeny,  type, false);
+        oneTest(apat, null, false, true, AllowAndDeny,  type, true);
+        oneTest(apat, null, false, true, NoAllowNoDeny, type, false);
+        oneTest(apat, null, true,  true, AllowAndDeny,  type, true);
+        oneTest(apat, null, true,  true, NoAllowNoDeny, type, false);
+        oneTest(null, dpat, false, true, AllowAndDeny,  type, true);
+        oneTest(null, dpat, false, true, NoAllowNoDeny, type, true);
+        oneTest(null, dpat, true,  true, AllowAndDeny,  type, true);
+        oneTest(null, dpat, true,  true, NoAllowNoDeny, type, true);
+        oneTest(apat, dpat, false, true, NoAllowNoDeny, type, false);
+        oneTest(apat, dpat, false, true, OnlyAllow,     type, true);
+        oneTest(apat, dpat, false, true, OnlyDeny,      type, false);
+        oneTest(apat, dpat, false, true, AllowAndDeny,  type, true);
+        oneTest(apat, dpat, true,  true, NoAllowNoDeny, type, false);
+        oneTest(apat, dpat, true,  true, OnlyAllow,     type, true);
+        oneTest(apat, dpat, true,  true, OnlyDeny,      type, false);
+        oneTest(apat, dpat, true,  true, AllowAndDeny,  type, true);
+
+        // Test "addLocalPort" and with port matching only in deny
+        apat = allow_pat + PORT_NO_MATCH_PATTERN;
+        dpat = deny_pat + PORT_MATCH_PATTERN;
+        oneTest(null, null, false, true, AllowAndDeny,  type, false);
+        oneTest(null, null, true,  true, AllowAndDeny,  type, false);
+        oneTest(apat, null, false, true, AllowAndDeny,  type, false);
+        oneTest(apat, null, false, true, NoAllowNoDeny, type, false);
+        oneTest(apat, null, true,  true, AllowAndDeny,  type, false);
+        oneTest(apat, null, true,  true, NoAllowNoDeny, type, false);
+        oneTest(null, dpat, false, true, AllowAndDeny,  type, false);
+        oneTest(null, dpat, false, true, NoAllowNoDeny, type, true);
+        oneTest(null, dpat, true,  true, AllowAndDeny,  type, false);
+        oneTest(null, dpat, true,  true, NoAllowNoDeny, type, true);
+        oneTest(apat, dpat, false, true, NoAllowNoDeny, type, false);
+        oneTest(apat, dpat, false, true, OnlyAllow,     type, false);
+        oneTest(apat, dpat, false, true, OnlyDeny,      type, false);
+        oneTest(apat, dpat, false, true, AllowAndDeny,  type, false);
+        oneTest(apat, dpat, true,  true, NoAllowNoDeny, type, false);
+        oneTest(apat, dpat, true,  true, OnlyAllow,     type, false);
+        oneTest(apat, dpat, true,  true, OnlyDeny,      type, false);
+        oneTest(apat, dpat, true,  true, AllowAndDeny,  type, false);
     }
 
     @Test
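Review bot: The seven blocks added to this helper repeat the same 18 calls with only `apat`, `dpat`, the `addLocalPort` flag and the expected result changing, and the first two rows of every block (`oneTest(null, null, ...)`) do not depend on the patterns at all, so they rerun the same case. A small table of expected results per block, iterated in a loop, would make the differences between blocks readable. The deny-only rows that expect `true` when the port part is missing from the pattern deserve a comment such as `// deny pattern lacks ",PORT": it no longer matches, request is allowed`, so that a reader does not take them for a mistake. The method's signature starts outside the hunk.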

Modified: tomcat/trunk/webapps/docs/config/valve.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/valve.xml?rev=1642564&r1=1642563&r2=1642564&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/valve.xml (original)
+++ tomcat/trunk/webapps/docs/config/valve.xml Sun Nov 30 16:43:23 2014
@@ -473,6 +473,9 @@
     package. Please consult the Java documentation for details of the
     expressions supported.</p>
 
+    <p>Optionally one can append the local server port separated with a
+    comma (",") to allow different expressions for each connector.</p>
+
     <p><strong>Note:</strong> There is a caveat when using this valve with
     IPv6 addresses. Format of the IP address that this valve is processing
     depends on the API that was used to obtain it. If the address was obtained
@@ -511,7 +514,7 @@
         remote client's IP address is compared to.  If this attribute
         is specified, the remote address MUST NOT match for this request to be
         accepted.  If this attribute is not specified, request acceptance is
-        governed solely by the <code>accept</code> attribute.</p>
+        governed solely by the <code>allow</code> attribute.</p>
       </attribute>
 
       <attribute name="denyStatus" required="false">
@@ -520,6 +523,16 @@
         it can be set to the value <code>404</code>.</p>
       </attribute>
 
+      <attribute name="addLocalPort" required="false">
+        <p>Append the local server port to the client IP address separated
+        with a comma (","). If this is set to <code>true</code>, the
+        expressions configured with <code>allow</code> and
+        <code>deny</code> is compared against <code>ADDRESS-PORT</code>
+        where <code>ADDRESS</code> is the client IP address and
+        <code>PORT</code> is the Tomcat connector port which received the
+        request. The default value is <code>false</code>.</p>
+      </attribute>
+
     </attributes>
 
   </subsection>
@@ -530,6 +543,14 @@
    allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"/>]]></source>
   </subsection>
 
+  <subsection name="Example">
+    <p>To allow unrestricted access for the clients connecting from localhost
+    but for all other clients only to port 8443:</p>
+    <source><![CDATA[<Valve className="org.apache.catalina.valves.RemoteAddrValve"
+   addLocalPort="true"
+   allow="127\.\d+\.\d+\.\d+,\d*|::1,\d*|0:0:0:0:0:0:0:1,\d*|.*,8443"/>]]></source>
+  </subsection>
+
 </subsection>
 
 
@@ -551,6 +572,9 @@
     package. Please consult the Java documentation for details of the
     expressions supported.</p>
 
+    <p>Optionally one can append the local server port separated with a
+    comma (",") to allow different expressions for each connector.</p>
+
     <p><strong>Note:</strong> This filter processes the value returned by
     method <code>ServletRequest.getRemoteHost()</code>. To allow the method
     to return proper host names, you have to enable "DNS lookups" feature on
@@ -586,7 +610,7 @@
         remote client's hostname is compared to.  If this attribute
         is specified, the remote hostname MUST NOT match for this request to be
         accepted.  If this attribute is not specified, request acceptance is
-        governed solely by the <code>accept</code> attribute.</p>
+        governed solely by the <code>allow</code> attribute.</p>
       </attribute>
 
       <attribute name="denyStatus" required="false">
@@ -595,6 +619,16 @@
         it can be set to the value <code>404</code>.</p>
       </attribute>
 
+      <attribute name="addLocalPort" required="false">
+        <p>Append the local server port to the client hostname separated
+        with a comma (","). If this is set to <code>true</code>, the
+        expressions configured with <code>allow</code> and
+        <code>deny</code> is compared against <code>HOSTNAME-PORT</code>
+        where <code>HOSTNAME</code> is the client hostname and
+        <code>PORT</code> is the Tomcat connector port which received the
+        request. The default value is <code>false</code>.</p>
+      </attribute>
+
     </attributes>
 
   </subsection>


