Am 17.03.2017 um 09:44 schrieb Kerapetse Phorano: > Ok i see that. > So if that is the case how do i access tomcat outside the localhost? > > Regards, > Kerapetse > > On Fri, Mar 17, 2017 at 9:44 AM, Olaf Kock <tom...@olafkock.de> wrote: > >> Am 17.03.2017 um 07:04 schrieb Kerapetse Phorano: >>> I have set up an "admin" user with a password. The manager runs properly >> on > localhost but the error comes if it is accessed from a different PC. >> The manager app is deliberately preconfigured to only be available from >> localhost. If you open webapps/manager/META-INF/context.xml, you'll find >> >> <Context antiResourceLocking="false" privileged="true" > >> <Valve className="org.apache.catalina.valves.RemoteAddrValve" >> allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> >> </Context> >> >> which effectively denotes localhost in both IPV4 and IPV6 notation as >> the only allowed host accessing the application. >> >> Olaf
1. You question if this is really necessary, as the manager application will only be used at selected times for system administration - and uncomfortable system administration typically means uncomfortable hacking as well. It's just unnecessary to provide this attack surface to the world. 2. you really really really secure your application (e.g. configure a secure password, https, limit access through the firewall etc) 3. you configure the Valve element to include the IP address that you want to allow access, apart from localhost. 4. you remove the Valve element from context.xml It's totally fine not to execute all 4 steps - in fact, it'd be preferred. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
