Thanks for the suggestions Chuck. Below is my reply inline.
As you may have guessed out I am a newbie and this is turning out to be really interesting and educational. :) -- jM. On Sun, Jul 18, 2010 at 12:31 AM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > > From: Johan Martinez [mailto:jmart...@gmail.com] > > Subject: Re: IP based request filters for admin/manager > > > > I don't want to replace the default ROOT webapp, in other > > words, I don't want my specific webapp to be ROOT app. > > A little odd, but if that's your choice... > There are multiple webapps and all are being deployed/accessed using some specific names. Clients are configured with these specific URL patterns. So ROOT webapp is not needed. > > But I would like to restrict/hide information normally > > exposed by the default ROOT webapp. > > All of what Tomcat's default ROOT has, or just some of it? > > For all of it, just place a <Context> element in > webapps/ROOT/META-INF/context.xml, configuring the valve you already know > about. (Do not use path or docBase attributes here - they're not allowed.) > If you only want to restrict some of it, but don't want to use > authentication, you'll need to write a more sophisticated filter. There's > no need to move or rename ROOT, unless you're just trying to obscure things > (and security through obscurity is a fool's game). > Thanks for pointing out this approach. > > I removed 'manager' from webapps directory. > > What version of Tomcat are you using? If you're using 5.5.x (hinted at by > your previous message's reference to a doc page), the manager webapp is in > server/webapps, not the regular webapps directory. If you're using a newer > Tomcat (and you probably should be), manager is under the regular webapps > directory. > > > Now I am not able to access http://hostname/manager > > You never could - that will always get you a 404 (at least until Tomcat > 7.0.1 comes out). > > > but http://hostname/manager/html works. > > That's the valid URL for the manager GUI. Looks like you didn't really get > rid of it. > Checked $CATALINA_HOME/conf/Catalina/localhost/manager.xml and found "<Context docBase="${catalina.home}/server/webapps/manager" entry. I thought I removed manager app, but not really... > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
