OK guys, I just found the problem, thanks to your CSRF hint.

So, it appears that Tomcat Manager acts weird as soon as you pass
through a reverse proxy, as I do.

If I change my DNS to point straight to Tomcat's server and use the
HTTP-8080 interface, everything runs smoothly.
If I try the same thing using my NGINX proxy, it is not working anymore.

The really strange thing here is that in Tomcat's log, I can see that
my proxy is correctly sending the client IP/name and not its own, so I
don't really understand why the manager denies the upload.

So I'll now investigate my proxy and sniff the HTTP exchange a little
bit to figure out where the error is coming from on my proxy.

Thanks a lot guys!


2014-02-07 Gaël THEROND <gael.ther...@gmail.com>:

> Yep, I'm able to visit the application list, but not upload or start an
> application.
>
> I'll take a look at this CSRF Protection hint.
>
> I'm using the default BASIC Auth provided by Tomcat to authenticate myself
> on the manager.
>
>
> 2014-02-07 Konstantin Kolinko <knst.koli...@gmail.com>:
>
> 2014-02-07 Gaël THEROND <gael.ther...@gmail.com>:
>> > Hello everyone,
>> >
>> > I've been facing a really strange issue for about two or three days now.
>> >
>> > I've got a Tomcat server, which contains a virtual host like this:
>> >
>> (....)
>> >
>> > If I start my Tomcat instance, everything is fine, Tomcat launches
>> > correctly without error, and correctly creates the virtual host under
>> > ${catalina_base}/conf/Catalina/
>> >
>> > I can see in the catalina.out log file that Tomcat even creates the
>> > manager.xml to be able to have an isolated manager for this host.
>> >
>> > The manager.xml file is correct.
>> >
>> > However, if I try to upload a WAR I'm facing a 403 error coming from
>> > Tomcat.
>> > What I don't get is that on my main manager everything is fine, I
>> > can log in and load a WAR correctly.
>> >
>>
>> So, you are able to visit the "applications list" page in Manager, but
>> upload of a WAR file results in 403?
>>
>> The 403 page in Manager can be a result of CSRF protection,
>> for example, if your session has expired. The session is needed
>> because CsrfPreventionFilter stores the protection token in the session.
>>
>> I wonder whether SingleSignOn affects this.
>> What authentication schema are you using? The manager app uses BASIC by
>> default.
>>
>> Best regards,
>> Konstantin Kolinko
>>
>
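
Konstantin's point that CsrfPreventionFilter keeps its token in the session, as a simplified model (an added example, not Tomcat's code and not part of the thread). The paths, `SessionStore`, `handle` and `replay` are hypothetical, and the model does not establish what the proxy in this thread was doing; it only shows why a request that arrives without its original session gets a 403 even with a token that was valid when issued.

```python
import secrets

NONCE_PARAM = "org.apache.catalina.filters.CSRF_NONCE"  # Tomcat's nonce parameter name
ENTRY_POINTS = {"/html", "/html/list"}  # assumed entry points for this model


class SessionStore:
    """Hypothetical in-memory store standing in for the servlet container."""

    def __init__(self):
        self.sessions = {}

    def get_or_create(self, session_id):
        # Unknown, expired or missing id: a fresh, empty session is started.
        if session_id not in self.sessions:
            session_id = secrets.token_hex(8)
            self.sessions[session_id] = {"nonces": set()}
        return session_id, self.sessions[session_id]


def handle(store, path, session_id=None, params=None):
    """Process one request; return (status, session_id, fresh_nonce)."""
    nonce = (params or {}).get(NONCE_PARAM)
    session_id, session = store.get_or_create(session_id)
    # Non-entry-point requests must carry a nonce stored in *this* session.
    if path not in ENTRY_POINTS and nonce not in session["nonces"]:
        return 403, session_id, None
    fresh = secrets.token_hex(16)
    session["nonces"].add(fresh)  # the next link or form embeds this value
    return 200, session_id, fresh


def replay(cookie_survives):
    """List page, then upload. cookie_survives=False models a session that
    expired or whose cookie never reached the server on the second request."""
    store = SessionStore()
    _, sid, nonce = handle(store, "/html/list")
    sent_sid = sid if cookie_survives else None
    status, _, _ = handle(store, "/html/upload", sent_sid, {NONCE_PARAM: nonce})
    return status


if __name__ == "__main__":
    print("session kept:", replay(True))   # upload accepted
    print("session lost:", replay(False))  # upload rejected
```
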
