6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"How to disable Tomcat remote deployment?\",\"text\":\"

For security reasons, I would like to disable the remote deployment of web applications via Tomcat's manager page, which allows one to upload and deploy a war file. Is this possible?

\\n\\n

Are there any other recommendations for hardening Tomcat against possible attacks?

\\n\\n

Thanks in advance.

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Adamski\"},\"upvoteCount\":0,\"answerCount\":2,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"

Remove the manager (and also the other preinstalled folders) from the tomcat/webapps folder.

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Tarlog\"},\"upvoteCount\":1}}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","java",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/java/1","children":"java"}]}],["$","span","tomcat",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/tomcat/1","children":"tomcat"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/6cd776da01e915df274276084eb9858b?s=256&d=identicon&r=PG","alt":"Adamski","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/127479/adamski","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Adamski"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",54697]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"How to disable Tomcat remote deployment?"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

For security reasons, I would like to disable the remote deployment of web applications via Tomcat's manager page, which allows one to upload and deploy a war file. Is this possible?

\n\n

Are there any other recommendations for hardening Tomcat against possible attacks?

\n\n

Thanks in advance.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",0]}],["$","p",null,{"children":["Views: ",2043]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",2,")"]}],[["$","div","9681222",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/577fe43b4e1fc42429798aa8b693031e?s=256&d=identicon&r=PG","alt":"Riddhish.Chaudhari","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/1236051/riddhish-chaudhari","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Riddhish.Chaudhari"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",853]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

web application could be restricted by the remote IP address or host by adding a RemoteAddrValve or RemoteHostValve in context.xml

\n\n

<Context privileged=\"true\">\n         <Valve className=\"org.apache.catalina.valves.RemoteAddrValve\"\n                allow=\"127\\.0\\.0\\.1\"/>\n</Context>\n

\n\n

http://blog.techstacks.com/2009/05/tomcat-management-setting-up-tomcat.html

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",0]}]}]]}],["$","div","9681217",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/w0Lho.jpg?s=256","alt":"Tarlog","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/547779/tarlog","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Tarlog"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",10154]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

Remove the manager (and also the other preinstalled folders) from the tomcat/webapps folder.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",1]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","14320458",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/14320458","className":"text-blue-600 hover:underline","children":"Tomcat 7, cannot disable web application autoDeploy"}]}],["$","li","11083981",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/11083981","className":"text-blue-600 hover:underline","children":"Stop a web application tomcat from command line"}]}],["$","li","4132182",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/4132182","className":"text-blue-600 hover:underline","children":"Prevent tomcat from starting application on deploy"}]}],["$","li","7639802",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/7639802","className":"text-blue-600 hover:underline","children":"Disallow remote access to Tomcat Manager?"}]}],["$","li","30866257",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/30866257","className":"text-blue-600 hover:underline","children":"Disable direct access to application via Tomcat"}]}],["$","li","26738031",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/26738031","className":"text-blue-600 hover:underline","children":"How to deploy in tomcat server without making it down"}]}],["$","li","17701916",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/17701916","className":"text-blue-600 hover:underline","children":"How to not deploy on save on Tomcat"}]}],["$","li","17205145",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/17205145","className":"text-blue-600 hover:underline","children":"Avoiding the embedded tomcat in eclipse"}]}],["$","li","9964765",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/9964765","className":"text-blue-600 hover:underline","children":"Is it possible to turn off Hot Deployment in TomCat?"}]}],["$","li","4677854",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/4677854","className":"text-blue-600 hover:underline","children":"How to disable tomcat undeploy my application?"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

How to disable Tomcat remote deployment?

Answers (2)

Related Questions