Tomcat uses a mechanism called valves to filter IP source addresses. A particular type of valve element called a remote address filter, can be inserted into the Tomcat processing stream to allow or deny access to the server. The remote address filter may be used in several different containers: Engine, Host, or Context. If you wish to secure your server for localhost use only, add the following lines to the engine container. Edit the $CATALINA_HOME/conf/server.xml configuration file. Find the lines .... <!-- Define the top level container in our container hierarchy --> <Engine name="Catalina" defaultHost="localhost" debug="0"> Add the following statements underneath .. <!-- Allow only localhost to access this server --> <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1,0:0:0:0:0:0:0:1%0,::1" /> For a complete description on the use of this mechanism see the Server Configuration Reference.