tpdi
Reputation: 35181
Disallow remote access to Tomcat Manager?
According to the Tomcat7 docs, I can add a valve to prevent access to the Tomcat Manager app except from localhost:
<Context privileged="true">
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.0\.0\.1"/>
</Context>
The docs are not so helpful in explaining where that snippet of XML is supposed to go.
Can someone help me with this, please?
Upvotes: 4
Views: 4888
Answers (1)
Cratylus
Reputation: 54094
You modify CATALINA_HOME/conf/Catalina/localhost/manager.xml to add the filter to allow only local access (as in your post) or specific IPs
Add the valve within the Context tag of the manager.xml
Upvotes: 3
Related Questions
- Restrict access to Tomcat manager by IP
- tomcat 7 manager app access denied
- Accessing Tomcat manager throws 404
- How to block access to Tomcat listening port, and allow localhost only?
- Tomcat manager does not ask to login
- Tomcat 7 Manager - how to authenticate?
- Disable Tomcat7 Manager
- Disable direct access to application via Tomcat
- Block access to an application from Tomcat
- How to disable Tomcat remote deployment?