> -----Original Message-----
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Tuesday, September 06, 2016 12:30 PM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: Restrict access to manager app by IP
>
> Yuval,
>
> On 9/2/16 9:29 AM, Yuval Schwartz wrote:
> > Thanks. I'll give it a shot and let you guys know how it goes. Any
> > input on whether I should put this in my application's context.xml
> > or in my [host] directory?
>
> I would do it in the application. Unless you have a particular reason
> to manually-place the application's context.xml file into
> conf/[engine]/[host]/[app].xml, allow Tomcat to do that for you.
>
> -chris

Chris -

Isn't the Tomcat "/manager" an app separate from the user's webapp? Thus the need for the manager.xml in conf/[engine]/[host] directory?

Yuval: what you were proposing is the way I have done it. Just make sure you specify the regular expression correctly.

Jeff

> > On Fri, Sep 2, 2016 at 4:24 PM, Kreuser, Peter
> > <pkreu...@airplus.com> wrote:
> >
> >> Hi Yuval,
> >>
> >>> -----Original Message-----
> >>> From: Yuval Schwartz [mailto:yuval.schwa...@gmail.com]
> >>> Sent: Friday, 2 September 2016 13:28
> >>> To: Tomcat Users List
> >>> Subject: Restrict access to manager app by IP
> >>>
> >>> Tomcat: 8.0.22
> >>> JDK: 1.8.0_05
> >>>
> >>> Hello,
> >>>
> >>> I am currently running a web application.
> >>>
> >>> I would like to restrict access to the manager app (it is
> >>> currently being hit by spammers every so often who are unable
> >>> to connect (get a message "...an attempt was made to
> >>> authenticate the locked user")).
> >>>
> >>> I was thinking of adding a "manager.xml" file to
> >>> $CATALINA_BASE/conf/[enginename]/[hostname]/
> >>> that will contain the following context container:
> >>>
> >>> <Context privileged="true" docBase="[path_to_manager]">
> >>>   <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> >>>          allow="[my_ip]"/>
> >>> </Context>
> >>>
> >>> Is this the correct way to achieve my goal of limiting access
> >>> to the manager app to only my IP?
> >>>
> >>> Of course, I do not want the rest of my webapp's access limited
> >>> (which is on the ROOT path). I only want access to the manager
> >>> app limited.
> >>>
> >>> (I know I can also place the context container in my webapp's
> >>> META-INF/context.xml file, is there any preference to doing this
> >>> over what I suggested above?)
> >>>
> >>> Thank you
> >>>
> >>
> >> That's the proposed solution for it. I don't think that you need
> >> the docbase - unless you don't use the default location.
> >>
> >> I think you will have to quote the . in the IP with backslash,
> >> like
> >> <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> >>        allow="10\.100\.17\.33|10\.100\.88\.92" />
> >>
> >> Best regards
> >>
> >> Peter
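
An added example, not part of the thread and not Tomcat code: a Python check of an `allow` pattern before it goes into `manager.xml`, assuming the valve applies the pattern as a whole-string match (Python's `re.fullmatch` stands in here for Java's `Matcher.matches()`). The helper names, the outsider addresses and the `192.168.1.*` pattern are constructed for illustration; only the two admin addresses come from Peter's reply.

```python
import ipaddress
import re


def build_allow(addresses):
    """Build an allow= value that matches exactly the listed IPv4 addresses."""
    # IPv4Address() rejects typos; re.escape() turns each '.' into '\.'.
    return "|".join(re.escape(str(ipaddress.IPv4Address(a))) for a in addresses)


def is_allowed(allow, remote_addr):
    """Whole-string match (assumed valve behaviour, see the lead-in)."""
    return re.fullmatch(allow, remote_addr) is not None


def audit(allow, must_allow, must_deny):
    """Return (wrongly_denied, wrongly_allowed) for a candidate pattern."""
    wrongly_denied = [a for a in must_allow if not is_allowed(allow, a)]
    wrongly_allowed = [a for a in must_deny if is_allowed(allow, a)]
    return wrongly_denied, wrongly_allowed


# The two addresses from Peter's reply, plus constructed near-miss addresses.
ADMIN_IPS = ["10.100.17.33", "10.100.88.92"]
OUTSIDERS = ["10.100.17.34", "10.100.88.9", "110.100.17.33", "10.100.17.133"]

# Constructed pair: a pattern meant as "192.168.1.x" written without escapes,
# and the escaped form that expresses the same intent.
LOOSE = "192.168.1.*"
STRICT = r"192\.168\.1\.\d{1,3}"
LAN_INSIDE = ["192.168.1.5", "192.168.1.200"]
LAN_OUTSIDE = ["192.168.10.5", "192.168.100.7", "10.100.17.33"]

if __name__ == "__main__":
    exact = build_allow(ADMIN_IPS)
    print("allow=" + exact, audit(exact, ADMIN_IPS, OUTSIDERS))
    for pattern in (LOOSE, STRICT):
        print("allow=" + pattern, audit(pattern, LAN_INSIDE, LAN_OUTSIDE))
```

Any address listed in `wrongly_allowed` would reach the manager app with that pattern in place, so both lists should come back empty before the value is deployed.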