Thank you very much for your assistance. Regards Kerapetse
On Fri, Mar 17, 2017 at 10:50 AM, Olaf Kock <tom...@olafkock.de> wrote: > > > Am 17.03.2017 um 09:44 schrieb Kerapetse Phorano: > > Ok i see that. > > So if that is the case how do i access tomcat outside the localhost? > > > > Regards, > > Kerapetse > > > > On Fri, Mar 17, 2017 at 9:44 AM, Olaf Kock <tom...@olafkock.de> wrote: > > > >> Am 17.03.2017 um 07:04 schrieb Kerapetse Phorano: > >>> I have set up an "admin" user with a password. The manager runs > properly > >> on > localhost but the error comes if it is accessed from a different > PC. > >> The manager app is deliberately preconfigured to only be available from > >> localhost. If you open webapps/manager/META-INF/context.xml, you'll > find > >> > >> <Context antiResourceLocking="false" privileged="true" > > >> <Valve className="org.apache.catalina.valves.RemoteAddrValve" > >> allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> > >> </Context> > >> > >> which effectively denotes localhost in both IPV4 and IPV6 notation as > >> the only allowed host accessing the application. > >> > >> Olaf > > 1. You question if this is really necessary, as the manager application > will only be used at selected times for system administration - and > uncomfortable system administration typically means uncomfortable > hacking as well. It's just unnecessary to provide this attack surface to > the world. > 2. you really really really secure your application (e.g. configure a > secure password, https, limit access through the firewall etc) > 3. you configure the Valve element to include the IP address that you > want to allow access, apart from localhost. > 4. you remove the Valve element from context.xml > > It's totally fine not to execute all 4 steps - in fact, it'd be preferred. > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
