Posted to users@tomcat.apache.org by "Ockleford Paul (NHS Connecting for Health)" <pa...@nhs.net> on 2009/03/25 09:34:47 UTC

URL: /manager/html

Hi,

We have tomcat 5.5.17 installed, and all requests for "/" are forwarded to a login page that we maintain, so it was assumed that the manager application was not accessible, however if I put https://webapp:8443/manager/html a login prompt pops up.

I don't see any mapping for this url in our server.xml, so where is this being handled?

Can anyone explain?

Thanks,

Paul

**********************************************************************
This message may contain confidential and privileged information.
If you are not the intended recipient please accept our apologies.
Please do not disclose, copy or distribute information in this e-mail
or take any action in reliance on its contents: to do so is strictly
prohibited and may be unlawful. Please inform us that this message has
gone astray before deleting it. Thank you for your co-operation.

NHSmail is used daily by over 100,000 staff in the NHS. Over a million
messages are sent every day by the system. To find out why more and
more NHS personnel are switching to this NHS Connecting for Health
system please visit www.connectingforhealth.nhs.uk/nhsmail
**********************************************************************

Re: URL: /manager/html

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Paul,

On 3/25/2009 9:00 AM, Ockleford Paul (NHS Connecting for Health) wrote:
> I edited the url context:

What is the URL context?

> <Context docBase="/applications/healthspace"

Do you mean you changed the docbase? Why didn't you just undeploy the
manager application completely?

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


RE: URL: /manager/html

Posted by "Ockleford Paul (NHS Connecting for Health)" <pa...@nhs.net>.
Hi Chris,

I edited the url context:

<Context docBase="/applications/healthspace"
         privileged="true" antiResourceLocking="false" antiJARLocking="false">

  <!-- Link to the user database we will get roles from -->
  <ResourceLink name="users" global="UserDatabase"
                type="org.apache.catalina.UserDatabase"/>


Paul Ockleford
Developer

Systems and Service Delivery
NHS Connecting for Health
01392 206977
paul.ockleford@nhs.net
www.connectingforhealth.nhs.uk

NHS Connecting for Health supports the NHS in providing better, safer care by delivering computer systems and services which improve the way patient information is stored and accessed.





RE: URL: /manager/html

Posted by "Ockleford Paul (NHS Connecting for Health)" <pa...@nhs.net>.
Hey thanks again!

All of our tomcat servers run on a private network for the health service so nothing hits the internet ever so I guess we would never make it onto their stats anyway.

The only reason I would like to hide it is paranoia really, as we have the pen test they will undoubtedly report that they found the tomcat version and will look around for some exploit (whether one exists I don't know!) but they do produce a report to management.





Re: URL: /manager/html

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Paul,

On 3/25/2009 10:10 AM, Ockleford Paul (NHS Connecting for Health) wrote:
> If I set the server value to "" I am guessing this will stop the sending of the server version.

Correct, though it might send "Server: " which has the same effect.

I would recommend setting it to simply "Tomcat" or even "Tomcat 5" if
you don't want to disclose certain portions of the version number. I
like advertising part of it so that netcraft can get good data :)

Is there a particular reason you want to hide the server version?

-chris


RE: URL: /manager/html

Posted by "Ockleford Paul (NHS Connecting for Health)" <pa...@nhs.net>.
Hi again!

I got it, I was looking at the wrong connector doc..

server

The Server header for the http response. Unless you are paranoid, you won't need this feature.


If I set the server value to "" I am guessing this will stop the sending of the server version.

Cheers





RE: URL: /manager/html

Posted by "Ockleford Paul (NHS Connecting for Health)" <pa...@nhs.net>.
Hi,

Thanks for the replies from both of you (Chris and Chuck). One final question, what attribute of the server element would I need to change if I wanted to stop the tomcat version being reported in the http header? Looking at the docs there are only 4 attributes, is it classname? Would I need to implement a custom class if so?




Re: URL: /manager/html

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Paul,

On 3/25/2009 9:24 AM, Ockleford Paul (NHS Connecting for Health) wrote:
> Thanks again, we don't want to use it at all

Then undeploy it:

1. Stop Tomcat
2. Remove the file $CATALINA_HOME/conf/[enginename]/[hostname]/manager.xml

(I would recommend moving it somewhere, in case you want to bring it
back at some point).

You might want to look at any other applications that are deployed by
default. Any .xml files in that directory will deploy other
applications. You should remove anything you don't need.

> browsing to the url reported a tomcat standard
> error page that revealed the tomcat version we are using. That is
> something they will pick up on during the test and is something we
> hadn't noticed before.

Have you changed the "server" attribute of your <Connector>s? If not,
your HTTP headers are likely revealing the Tomcat version you are using.
Is that a big deal?

> How would I undeploy the entire app so that browsing to the url
> /manager/ would not result in a standard error page?

Unless you have deployed your own webapp as the ROOT webapp, you will
get 404 errors that might contain this information. If you *do* have
your webapp deployed as ROOT, then your own <error-page> configuration
from web.xml should be able to take care of 404 errors and show whatever
page you'd rather see.

-chris

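An added example, not from the thread or the Tomcat project: a static check of the two controls discussed in the message above, the `server` attribute on each `<Connector>` and a 404 `<error-page>` in the ROOT webapp's web.xml. The file names, ports and `/notfound.html` are constructed sample data, the function names are hypothetical, and an empty `server` value is flagged too as a conservative assumption.

```shell
#!/bin/sh
# Added example: static check for the two version-disclosure controls named in
# the thread. All file contents below are constructed sample data.

# Print the port of each <Connector> whose server attribute is missing or
# empty. The attribute belongs on <Connector>, not on the <Server> element.
connectors_without_server() {
    tr '\n' ' ' < "$1" | tr '<' '\n' | awk '
        /^Connector[ \t]/ {
            port = "?"
            if (match($0, /[ \t]port="[^"]*"/))
                port = substr($0, RSTART + 7, RLENGTH - 8)
            if ($0 !~ /[ \t]server="[^"]+"/) print port
        }'
}

# Succeed if web.xml maps error-code 404 to a location of its own.
has_404_error_page() {
    tr -d ' \t\n' < "$1" | grep -q \
        '<error-page><error-code>404</error-code><location>[^<][^<]*</location>'
}

# audit_disclosure SERVER_XML ROOT_WEB_XML: print one line per finding.
audit_disclosure() {
    for port in $(connectors_without_server "$1"); do
        echo "connector $port: no server value, built-in Server header is sent"
    done
    if [ ! -f "$2" ]; then
        echo "ROOT: no web.xml, the container's own 404 page is served"
    elif ! has_404_error_page "$2"; then
        echo "ROOT: web.xml has no <error-page> for 404"
    fi
    return 0
}

# write_samples DIR: weak and corrected configurations side by side.
write_samples() {
    cat > "$1/server-weak.xml" <<'EOF'
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" redirectPort="8443"/>
    <Connector port="8443" scheme="https" secure="true"
               sslProtocol="TLS"/>
  </Service>
</Server>
EOF
    # Corrected: a generic product name, as recommended in the thread.
    sed 's/<Connector /<Connector server="Tomcat" /' \
        "$1/server-weak.xml" > "$1/server-fixed.xml"
    cat > "$1/web-weak.xml" <<'EOF'
<web-app>
  <welcome-file-list><welcome-file>login.jsp</welcome-file></welcome-file-list>
</web-app>
EOF
    cat > "$1/web-fixed.xml" <<'EOF'
<web-app>
  <error-page>
    <error-code>404</error-code>
    <location>/notfound.html</location>
  </error-page>
</web-app>
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
echo "weak:";  audit_disclosure "$dir/server-weak.xml"  "$dir/web-weak.xml"
echo "fixed:"; audit_disclosure "$dir/server-fixed.xml" "$dir/web-fixed.xml"
rm -rf "$dir"
```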


RE: URL: /manager/html

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Ockleford Paul (NHS Connecting for Health) 
> [mailto:paul.ockleford@nhs.net] 
> Subject: RE: URL: /manager/html
> 
> How would I undeploy the entire app so that browsing to the 
> url /manager/ would not result in a standard error page?

Just delete the manager webapp:

1) remove server/webapps/manager

2) remove conf/Catalina/localhost/manager.xml

3) remove work/Catalina/localhost/manager

4) restart Tomcat

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.



RE: URL: /manager/html

Posted by "Ockleford Paul (NHS Connecting for Health)" <pa...@nhs.net>.
Hi Chris,

Thanks again, we don't want to use it at all, and the problem stemmed only from the fact that we have a pen test due and although the manager app wasn't actually accessible (we never changed the tomcat-users file) browsing to the url reported a tomcat standard error page that revealed the tomcat version we are using. That is something they will pick up on during the test and is something we hadn't noticed before.

How would I undeploy the entire app so that browsing to the url /manager/ would not result in a standard error page?




Re: URL: /manager/html

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Paul,

On 3/25/2009 9:01 AM, Ockleford Paul (NHS Connecting for Health) wrote:
> When I say forward on any request that is actually probably a
> misleading statement, I changed the url context for the manager web
> application to point to our web app that handles any contexts from
> that point on.

Yeah, I'm confused. Let's start over:

Do you want the manager app to run at all? If not, just undeploy it.
Then you don't have to worry about anyone accessing it.

If you do want it to run, but you want people to authenticate against
your application before using it, you'll need to set up a more
complicated authentication/authorization configuration.

If you want the manager app available only for certain people, I would
configure the security for the manager app separately from your main
application, and lock it down appropriately (for instance, allow
connections only from known IPs, etc.).

-chris


RE: URL: /manager/html

Posted by "Ockleford Paul (NHS Connecting for Health)" <pa...@nhs.net>.
When I say forward on any request that is actually probably a misleading statement, I changed the url context for the manager web application to point to our web app that handles any contexts from that point on.




Re: URL: /manager/html

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Paul,

On 3/25/2009 8:35 AM, Ockleford Paul (NHS Connecting for Health) wrote:
> Yes the forward for / is to our web app, I edited the file
> /tomcat/conf/Catalina/localhost/manger.xml to forward on any request
> to our admin login page.

Exactly how did you do that?

-chris


RE: URL: /manager/html

Posted by "Ockleford Paul (NHS Connecting for Health)" <pa...@nhs.net>.
Hi Chris,

Thanks for that. Yes the forward for / is to our web app, I edited the file /tomcat/conf/Catalina/localhost/manger.xml to forward on any request to our admin login page.

Thanks for the link.

Paul




Re: URL: /manager/html

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Paul,

On 3/25/2009 4:34 AM, Ockleford Paul (NHS Connecting for Health) wrote:
> We have tomcat 5.5.17 installed, and all requests for "/" are
> forwarded to a login page that we maintain, so it was assumed that
> the manager application was not accessible, however if I put
> https://webapp:8443/manager/html a login prompt pops up.

Do you mean you see /your/ login page, or some other one? When you say
"all requests for / are redirected", do you mean this is being done in
your own webapp, or at a higher-level (Tomcat or maybe a web server out
front)?

> I don't see any mapping for this URL in our server.xml, so where is
> this being handled?

If the manager application is deployed, then you are likely to be able
to access it. Tomcat deploys applications in 4 ways:

1. Any <Context> defined in server.xml
2. Any APP.war found in the webapps directory, if auto-deploy is true
3. Any APP.xml found in $CATALINA_HOME/conf/[enginename]/[hostname]/

My guess is that #3 is in play, here. You can find more information on
webapp deployment in the introduction section of this page:
http://tomcat.apache.org/tomcat-5.5-doc/config/context.html

Hope that helps,
-chris

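The deployment sources listed in the message above, as an added example that is not part of the original thread or Tomcat's own tooling: a shell function that lists every context a Tomcat 5.5-style directory layout would publish, including a descriptor like the one posted in this thread whose docBase was repointed. The sample tree, the `/legacy` context and `sample.war` are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list every source a Tomcat 5.5-style layout deploys contexts
# from. The directory tree below is constructed sample data.

# Map an application name to its context path (ROOT is served at "/").
ctx_path() {
    if [ "$1" = ROOT ]; then echo "/"; else echo "/$1"; fi
}

# list_contexts CATALINA_HOME
# Prints "<source> <context-path> <detail>" for each deployment source.
list_contexts() {
    home=$1

    # 1. <Context> elements inside conf/server.xml. Newlines are flattened so
    #    multi-line tags match; commented-out elements are reported as well,
    #    which errs on the side of review.
    if [ -f "$home/conf/server.xml" ]; then
        tr '\n' ' ' < "$home/conf/server.xml" | tr '<' '\n' |
            sed -n 's|^Context[^>]*[[:space:]]path="\([^"]*\)".*|server.xml \1 conf/server.xml|p'
    fi

    # 2. Context descriptors: conf/[enginename]/[hostname]/APP.xml.
    #    The context path comes from the file name, so a descriptor whose
    #    docBase was edited still publishes its original path.
    for f in "$home"/conf/*/*/*.xml; do
        [ -f "$f" ] || continue
        name=$(basename "$f" .xml)
        docbase=$(tr '\n' ' ' < "$f" |
            sed -n 's/.*<Context[^>]*docBase="\([^"]*\)".*/\1/p')
        printf 'descriptor %s docBase=%s %s\n' \
            "$(ctx_path "$name")" "${docbase:-unset}" "${f#"$home"/}"
    done

    # 3. WAR files under webapps/ (unpacked directories are deployed from
    #    there as well, so both are listed).
    for e in "$home"/webapps/*; do
        case $e in
            *.war) [ -f "$e" ] || continue; name=$(basename "$e" .war) ;;
            *)     [ -d "$e" ] || continue; name=$(basename "$e") ;;
        esac
        printf 'webapps %s %s\n' "$(ctx_path "$name")" "${e#"$home"/}"
    done
    return 0
}

# Build a constructed CATALINA_HOME and print its location.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/conf/Catalina/localhost" "$t/webapps/ROOT"
    : > "$t/webapps/sample.war"
    cat > "$t/conf/server.xml" <<'EOF'
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8443" scheme="https" secure="true"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps">
        <Context path="/legacy"
                 docBase="/srv/legacy"/>
      </Host>
    </Engine>
  </Service>
</Server>
EOF
    # Descriptor as posted in the thread: docBase repointed, file name unchanged.
    cat > "$t/conf/Catalina/localhost/manager.xml" <<'EOF'
<Context docBase="/applications/healthspace"
         privileged="true" antiResourceLocking="false" antiJARLocking="false">
  <ResourceLink name="users" global="UserDatabase"
                type="org.apache.catalina.UserDatabase"/>
</Context>
EOF
    echo "$t"
}

sample=$(make_sample_tree)
list_contexts "$sample"
rm -rf "$sample"
```

Anything the listing shows that is not needed can be moved out of the way with Tomcat stopped, as the replies in this thread recommend.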