Yes, the Tomcat Valve subsystem is where you can log and filter stuff like that.
However, as a general rule, limiting access by source IP address is something better done using the machine's firewall. It blocks earlier in the pipeline and can limit access to all servers on the machine, not just Tomcat (for example, Apache).
It should be noted that HTTP is no longer the recommended protocol in many cases. A lot of servers will immediately flip you over to HTTPS.
Also, I hope you're not trying to restrict access for for users based on their source IP address. That's an extremely unreliable means of identification.
An IDE is no substitute for an Intelligent Developer.