Reputation: 113
Tomcat7 allow access to manager app for multiple hosts configuration
I have configured Tomcat7 (7.0.82) to host web apps for multiple host names by adding a Host entry for each domain in the server.xml file. This works as expected. Below is my Engine definition in server.xml:
<Engine defaultHost="localhost" name="Catalina">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
</Realm>
<Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t "%r" %s %b" prefix="localhost_access_log." suffix=".txt"/>
</Host>
<Host appBase="xxx-webapps" autoDeploy="true" name="xxx.domain.com" unpackWARs="true">
</Host>
<Host appBase="yyy-webapps" autoDeploy="true" name="yyy.domain.com" unpackWARs="true">
</Host>
</Engine>
Now I want to enable access to the manager app for each Host.
A user is added to the tomcat-users.xml file in conf/.
I have create a manager.xml file for each Host and placed these files in the respective domain-named subfolders in /conf, e.g. \conf\Catalina\yyy.domain.com\manager.xml. The contents of the manager.xml files are the same and contains only this information:
<?xml version='1.0' encoding='utf-8'?>
<Context docBase="${catalina.home}/webapps/manager"
antiResourceLocking="false" privileged="true" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1" />
</Context>
The manager app works when accessing it directly through localhost/manager, but I get the default 403 Access Denied immediately for the alternative Hosts on yyy.domain.com/manager; no login prompt is shown.
Am I to refer to the tomcat-users.xml file from the manager.xml file or should I somehow create a reference in the manager.xml files to the UserDatabase defined within the Engine?
Upvotes: 0
Views: 671
Answers (1)
Reputation: 1
Just remove the "Valve" tag. It's allow only "localhost" access (127.0.0.1).
Upvotes: 0
Related Questions
- Apache Tomcat 9 unable to access manager webapp
- Access Tomcat Manager App from different host
- Restrict access to Tomcat manager by IP
- tomcat 7 manager app access denied
- tomcat 9 Host Manager 403 Access Denied
- Disallow remote access to Tomcat Manager?
- 403 Access Denied on tomcat 7 to access host manager
- Tomcat Manager is not accessible in multi-domain configuration
- Unable to access Manager app on Tomcat 7.0.39
- Setting up manager role for Tomcat 7