How to make TOMCAT accessible only localhost except one app

Question

I'm running TOMCAT server. Due security reasons I have to limit access to localhost only but one app have to be accessible from outside (any IP). I tryed using the valve placed in server.xml but I was only able to block access to specific functions / apps like host-manager.

How to limit all but one app?

EDIT: This line inside server.xml blocks everything except localhost:

<Server>
<Service>
<Engine>
<Host>

...

<Valve className="org.apache.catalina.valves.RemoteAddrValve" 
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"/>

</Host>
</Engine>
</Service>
</Server>

How to add exception for one app that has to be accessible from outside?

Thanks for help in advance :-)

Answer 1

You need 2 directories storing the different webapps, and a minimal config looks like this where serverhost is your servername as known on your network :

<Service name="internal">
  <Connector port="8081" protocol="HTTP/1.1" address="localhost" />
  <Engine name="Engine1internal" defaultHost="localhost">
    <Host name="localhost" appBase="webapps1"></Host>
  </Engine>
</Service>

<Service name="exposed">
  <Connector port="8080" protocol="HTTP/1.1" address="192.168.1.2"/>
  <Engine name="Engine2exposed" defaultHost="serverhost">
    <Host name="serverhost" appBase="webapps2"></Host>
  </Engine>
</Service>

Of course if you want to keep webapps directory, create just one dir to store the other app. I didn't test but adapted from another config, so feel free to comment/edit my answer if necessary.