tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: svn commit: r1060627 - in /tomcat/trunk/webapps: docs/changelog.xml host-manager/META-INF/context.xml manager/META-INF/context.xml
Date Wed, 19 Jan 2011 00:04:15 GMT
On 19/01/2011 00:00, markt@apache.org wrote:
> Author: markt
> Date: Wed Jan 19 00:00:59 2011
> New Revision: 1060627
> 
> URL: http://svn.apache.org/viewvc?rev=1060627&view=rev
> Log:
> Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=22278
> Add a commented out RemoteAddrValve that limits access to the Manager and Host Manager
applications to localhost.
> Based on a patch by Yann C├ębron.

I thought about extending this and enabling the Valve by default along
with adding additional information to the 403 error page.

Whilst I like to from a security point of view, I do wonder how much
stuff it would break for users and how much traffic it would generate on
the users list.

Thoughts?

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message