This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Tomcat and the fly likes restricting access to manager and admin Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "restricting access to manager and admin" Watch "restricting access to manager and admin" New topic
Author

restricting access to manager and admin

Tobin Jackson
Greenhorn

Joined: Sep 01, 2004
Posts: 17
Hello everyone,

I placed the following "Valve" tag in my manager.xml context file.



However, when I try to access the manager app locally i get the big "403:forbidden"... Comment it out and I'm in

I'm using Tomcat 5.0.27/linux. Any ideas?

Tobin
Surasak Leenapongpanit
Ranch Hand

Joined: May 10, 2002
Posts: 341

In addition to the password restrictions the manager web application could be restricted by the remote IP address or host by adding a RemoteAddrValve or RemoteHostValve. Here is an example of restricting access to the localhost by IP address:

<Context path="/manager" debug="0" privileged="true"
docBase="/usr/local/kinetic/tomcat5/server/webapps/manager">
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127.0.0.1"/>
</Context>


 
It is sorta covered in the JavaRanch Style Guide.
 
subject: restricting access to manager and admin
 
Similar Threads
Tomcat - sessions do not expire
Tomcat security
RewriteValve inclusion causing JBoss 4.2.2 startup failure
How to view http requests log in JBoss
filter for j_security_check