How to restrict access by IP address with Tomcat?

To set up access restriction to your web-application for the certain IP addresses, add the following strings to /opt/tomcat/webapps/{web-application name}/META-INF/context.xml file:

<Context antiJARLocking="true" path="/">
 <Valve className="org.apache.catalina.valves.RemoteIpValve" />
 <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="{IP_address}" />
</Context>

Here is the instruction how to do this via Jelastic panel. Be sure to restart your Tomcat for the changes to take effect.

In Tomcat 7, you can configure it in the web.xml.

If it's for all web apps, you can configure it in tomcat7/conf/web.xml, if it is just for one web app, you can configure it in the tomcat7/webapps/$(WEB_APP)/WEB-INF/web.xml, it's very convenient.

The configuration uses a RemoteAddrFilter filter, there is an example in Container Provided Filters.

You add a Valve to the Context in context.xml (specifically, org.apache.catalina.valves.RemoteAddrValve). See the docs on Remote Host Filters.

This is an example:

in \apache-tomcat-7.0.33\conf\server.xml:

<Engine name="Catalina" defaultHost="localhost">
    ...
    ...
    ...
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
        allow="10\.132\.77\.55|10\.132\.76\.120|10\.132\.77\.47"/>
    ...
</Engine>