PAS for OpenEdge is configured with filters that allow you to deny access based on IP addresses or host names. These filters are implemented as valves in the /conf/server.xml file of the instance. The following code from the default server.xml shows that the filters are set to allow access by anyone:
<Valve className="org.apache.catalina.valves.RemoteHostValve"
 allow=".*"/>
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
 allow=".*"/>

The RemoteHostValve and RemoteAddrValve filters can take two attributes:

allow
A comma-delimited list of regular expressions that a client must match in order to be allowed access.
deny
A comma-delimited list of regular expressions that, when matched, excludes a client from access.
Note: Enabling remote hostname filters requires DNS hostname resolution, which can result in slower performance.