> From: Rob G [mailto:robatgumt...@gmail.com] > Subject: Restrict access to Manager from local ip address (Tomcat > 6.0/Windows) > > <Context docBase="C:\tomcat1\webapps\manager" privileged="true"
Take out the docBase attribute - it's not allowed here. > <ResourceLink name="users" global="UserDatabase" > type="org.apache.catalina.UserDatabase"/> You don't need the above; that's for JNDI-accessed resources, not <Realm> usage. > <Valve className="org.apache.catalina.valves.RemoteAddrValve" > allow="127\.0\.0\.1"/> > </Context> That should work (and does for me; see below). > I've also tried adding the text below to > C:\tomcat1\conf\Catalina\localhost\manager.xml You should remove, not modify, the above file when making changes to the webapps/manager directory; the one in conf/Catalina/localhost will override anything in META-INF/context.xml. > <Context path="/manager" docBase="C:\tomcat1\webapps\manager" > debug="0" privileged="true"> The path, docBase, and debug attributes are not allowed. After changing webapps/manager/META-INF/context.xml to the following: <Context antiResourceLocking="false" privileged="true"> <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1,0\:0\:0\:0\:0\:0\:0\:1"/> </Context> I can access the manager from the same machine Tomcat is running on, but attempts from a remote browser receive the following: HTTP Status 403 - type Status report message description Access to the specified resource () has been forbidden. Apache Tomcat/6.0.24 Here's the related access log: 0:0:0:0:0:0:0:1 - admin [12/Mar/2010:09:12:55 -0600] "GET /manager/html HTTP/1.1" 200 13050 0:0:0:0:0:0:0:1 - - [12/Mar/2010:09:12:55 -0600] "GET /manager/images/tomcat.gif HTTP/1.1" 304 - 0:0:0:0:0:0:0:1 - - [12/Mar/2010:09:12:55 -0600] "GET /manager/images/asf-logo.gif HTTP/1.1" 304 - 172.17.142.99 - - [12/Mar/2010:09:13:30 -0600] "GET /manager/html HTTP/1.1" 403 964 - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
