You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Alex Mestiashvili <al...@biotec.tu-dresden.de> on 2008/08/01 08:22:02 UTC

Re: How to restrict access to tomcat manager to specific hosts?

Nar Karapetyan wrote:
> Hi,
>
> I need to allow access to tomcat manager (http://<servername>:<port>/manager/html)
> only to the localhost using Tomcat's means.
>
> Inspecting the request for the IP, and blocking a non-localhost ip is not 
> accepted as per the requirement I have.
>
> How can I do that?
>
> I have tried to add the following to the catalina.policy file, but it didn't work:
>
> grant codeBase "http://<server ip>:8080/manager/html" {
>    permission java.net.SocketPermission "127.0.0.1", "connect";
> };
>
> Thank you,
> Regards,
> Nareg Garabedian
>
>
>
>       
>   
Hi ,

$CATALINA_HOME/conf/Catalina/localhost/manager.xml

$cat manager.xml
<Context path="/manager" debug="0" privileged="true">

      <Valve className="org.apache.catalina.valves.RemoteAddrValve" 
allow="127.0.0.1,192.168.1.107"/>

      <!-- Link to the user database we will get roles from
      <ResourceLink name="users" global="UserDatabase" 
type="org.apache.catalina.UserDatabase"/>
        -->

</Context>



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org