Use the Remote Host Filter Valve. [A valve, Tomcat only, is a Java class that preprocesses access requests. You can associate valves in server.xml to the containers engine, host and context.] It allows you to specify, at configuration time, whether or not requests coming from certain (sets of) hosts should be allowed or denied (using regular expressions). By default, all accesses are allowed. Look in server.xml for RemoteHostValve.
<Valve className="org.apache.catalina.valves.RemoteHostValve" deny="esuswin*"/>
Will deny access to my computer named esuswin2000.