Posted to dev@tomcat.apache.org by ma...@apache.org on 2016/06/23 20:16:44 UTC

svn commit: r1750011 - in /tomcat/trunk/webapps/docs: changelog.xml security-howto.xml

Author: markt
Date: Thu Jun 23 20:16:44 2016
New Revision: 1750011

URL: http://svn.apache.org/viewvc?rev=1750011&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59672
Update the security considerations page of the documentation web application to take account of the fact that the Manager and HostManager applications now have a RemoteAddrValve configured by default

Modified:
    tomcat/trunk/webapps/docs/changelog.xml
    tomcat/trunk/webapps/docs/security-howto.xml

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1750011&r1=1750010&r2=1750011&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Thu Jun 23 20:16:44 2016
@@ -124,6 +124,12 @@
         error handler for the Drawboard WebSocket example when the root cause is
         the client disconnecting since the logs add no value. (markt)
       </fix>
+      <fix>
+        <bug>59672</bug>: Update the security considerations page of the
+        documentation web application to take account of the fact that the
+        Manager and HostManager applications now have a
+        <code>RemoteAddrValve</code> configured by default. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Tribes">

Modified: tomcat/trunk/webapps/docs/security-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/security-howto.xml?rev=1750011&r1=1750010&r2=1750011&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/security-howto.xml (original)
+++ tomcat/trunk/webapps/docs/security-howto.xml Thu Jun 23 20:16:44 2016
@@ -139,10 +139,11 @@
        <li>Do not remove the use of the <a
            href="config/realm.html#LockOut_Realm_-_org.apache.catalina.realm.LockOutRealm">LockOutRealm</a>
            which prevents brute force attacks against user passwords.</li>
-       <li>Uncomment the <a href="config/valve.html#Remote_Address_Filter">RemoteAddrValve</a>
-           in <code>/META-INF/context.xml</code> which limits access to
-           localhost. If remote access is required, limit it to specific IP
-           addresses using this valve.</li>
+       <li>Configure the <a href="config/valve.html#Remote_Address_Valve">RemoteAddrValve</a>
+           in the <a href="config/context.html">context.xml</a> file for the
+           management application which limits access to localhost by default.
+           If remote access is required, limit it to specific IP addresses using
+           this valve.</li>
      </ul>
    </subsection>
   </section>
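
Review bot: In the added <li>, "Configure the RemoteAddrValve in the context.xml file for the management application which limits access to localhost by default" is unclear on two points. First, "which limits access" has no clear antecedent, and "Configure" reads as if the reader must add the valve, while the log message says the valve is now configured by default. Wording in the style of the preceding LockOutRealm item, for example "Do not remove the RemoteAddrValve ..., which limits access to localhost by default", would state what the reader is expected to do. Second, the removed text named /META-INF/context.xml, while the new text only links to the general config/context.html page, so the reader is no longer told which context.xml is meant; consider keeping the path in <code> next to the link. The link fragment also changes from #Remote_Address_Filter to #Remote_Address_Valve; please confirm that anchor exists in config/valve.html.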


