Tomcat: 8.0.22 JDK: 1.8.0_05 Hello,
I am currently running a web application. I would like to restrict access to the manager app (it is currently being hit by spammers every so often who are unable to connect (get a message "...an attempt was made to authenticate the locked user")). I was thinking of adding a "manager.xml" file to $CATALINA_BASE/conf/[enginename]/[hostname]/ that will contain the following context container: <Context privileged="true" docBase="[path_to_manager]"> <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="[my_ip]"/> </Context> Is this the correct way to achieve my goal of limiting access to the manager app to only my IP. Of course, I do not want the rest of my webapp's access limited (which is on the ROOT path). I only want access to the manager app limited. (I know I can also place the context container in my webapp's META-INF/context.xml file, is there any preference to doing this over what I suggested above?) Thank you _
