Posted to dev@tomcat.apache.org by ma...@apache.org on 2016/06/23 20:16:44 UTC
svn commit: r1750011 - in /tomcat/trunk/webapps/docs: changelog.xml security-howto.xml
Author: markt
Date: Thu Jun 23 20:16:44 2016
New Revision: 1750011
URL: http://svn.apache.org/viewvc?rev=1750011&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59672
Update the security considerations page of the documentation web application to take account of the fact that the Manager and HostManager applications now have a RemoteAddrValve configured by default
Modified:
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/security-howto.xml
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1750011&r1=1750010&r2=1750011&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Thu Jun 23 20:16:44 2016
@@ -124,6 +124,12 @@
error handler for the Drawboard WebSocket example when the root cause is
the client disconnecting since the logs add no value. (markt)
</fix>
+ <fix>
+ <bug>59672</bug>: Update the security considerations page of the
+ documentation web application to take account of the fact that the
+ Manager and HostManager applications now have a
+ <code>RemoteAddrValve</code> configured by default. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Tribes">
Modified: tomcat/trunk/webapps/docs/security-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/security-howto.xml?rev=1750011&r1=1750010&r2=1750011&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/security-howto.xml (original)
+++ tomcat/trunk/webapps/docs/security-howto.xml Thu Jun 23 20:16:44 2016
@@ -139,10 +139,11 @@
<li>Do not remove the use of the <a
href="config/realm.html#LockOut_Realm_-_org.apache.catalina.realm.LockOutRealm">LockOutRealm</a>
which prevents brute force attacks against user passwords.</li>
- <li>Uncomment the <a href="config/valve.html#Remote_Address_Filter">RemoteAddrValve</a>
- in <code>/META-INF/context.xml</code> which limits access to
- localhost. If remote access is required, limit it to specific IP
- addresses using this valve.</li>
+ <li>Configure the <a href="config/valve.html#Remote_Address_Valve">RemoteAddrValve</a>
+ in the <a href="config/context.html">context.xml</a> file for the
+ management application which limits access to localhost by default.
+ If remote access is required, limit it to specific IP addresses using
+ this valve.</li>
</ul>
</subsection>
</section>
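Review bot: The relative clause in the new list item ("for the management application which limits access to localhost by default") is ambiguous: it can be read as the application, the context.xml file or the valve doing the limiting. The imperative "Configure" also no longer tells the reader whether any action is needed now that the valve is present by default. Suggest wording along the lines of "The RemoteAddrValve in the management application's context.xml limits access to localhost by default. If remote access is required, limit it to specific IP addresses using this valve." The removed text named the file as `/META-INF/context.xml`, while the replacement links only to the generic config/context.html page, so keeping the path would help readers find the file to edit. The link fragment also changes from `#Remote_Address_Filter` to `#Remote_Address_Valve`; since this diff does not touch config/valve.html, it is worth confirming that anchor exists there.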