You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by m zyzy <my...@gmail.com> on 2009/05/09 10:23:29 UTC

enable only localhost access to tomcat 6.0.18 /manager in win32

I am using win32 server (Server 2008 Enterprise SP1)
and tomcat 6.0.18 (extracted from zip) .
I am a newbie in tomcat who use the bundled manager application as
often as I can to deploy /undeploy webapp or simply to manage it. As I
set a hard-to-guess password and username in the tomcat-users.xml ,
but still it is only a basic insecure authentication (basic
authentication without a secure connection-that's how win2008 explain
to me in the manager login dialog pop-up) , obviously it is not
enough.
Now , I want the /manager webapp only be accesible from localhost only
( but other webapp must be accessible from outside whether private LAN
or Internet)  ,but how ?
or at least accessible only from the same subnet / private LAN / per gateway ?
Thanks .

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: enable only localhost access to tomcat 6.0.18 /manager in win32

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.

> From: m zyzy [mailto:myzyzy@gmail.com]
> Subject: enable only localhost access to tomcat 6.0.18 /manager in
> win32

> Now , I want the /manager webapp only be accesible from localhost only
> ( but other webapp must be accessible from outside whether private LAN
> or Internet)  ,but how ?

Use the RemoteAddrValve:
http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote%20Address%20Filter

Put it inside the manager's <Context> element in webapps/manager/META-INF/context.xml; the file should look something like this when you're done:

<Context antiResourceLocking="false" privileged="true">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1"/>
</Context>

Note that the periods in the IP address are escaped since this is a regular expression.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org