The documentation page at http://tomcat.apache.org/tomcat-5.5- doc/config/valve.html says: "The syntax for regular expressions is different than that for 'standard' wildcard matching. Tomcat uses the Jakarta Regexp library. Please consult the Regexp documentation for details of the expressions supported." This is incorrect. In reality, the standard Java regexp package java.util.regex is used. The syntax is slightly different than Jakarta Regexp. In particular, the matches() method is used by RemoteAddrValve/RemoteHostValve, which attempts to match the entire region against the pattern. E.g. I expected <Valve allow="^127\." ... to match localhost addresses. But this doesn't work, I must write <Valve allow="127\.0\.0\.\d" ... because the *entire* region is matched with java.util.regex. (Note the lack of anchor.) (While I'm reporting this as a documentation issue, it could also be viewed as a feature regression since region matches were previously supported, as far as I can tell.) NOTE: I'm logging this problem against 5.5, but it also exists in the 6.0 documentation.
Fixed in svn and will be included in 5.5.24 and 6.0.12. Thanks for the report.