tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kreuser, Peter" <pkreu...@airplus.com>
Subject AW: Restrict access to manager app by IP
Date Fri, 02 Sep 2016 13:24:34 GMT
Hi Yuval,


> -----Urspr√ľngliche Nachricht-----
> Von: Yuval Schwartz [mailto:yuval.schwartz@gmail.com] 
> Gesendet: Freitag, 2. September 2016 13:28
> An: Tomcat Users List
> Betreff: Restrict access to manager app by IP
> 
> Tomcat: 8.0.22
> JDK: 1.8.0_05
> 
> Hello,
> 
> I am currently running a web application.
> 
> I would like to restrict access to the manager app (it is currently being hit by spammers
every so often who are unable to connect (get a message "...an attempt was made to authenticate
the locked user")).
> 
> I was thinking of adding a "manager.xml" file to $CATALINA_BASE/conf/[enginename]/[hostname]/
that will contain the following context container:
> 
> <Context privileged="true" docBase="[path_to_manager]"> <Valve className="org.apache.catalina.valves.RemoteAddrValve"
>  allow="[my_ip]"/>
> </Context>
> 
> Is this the correct way to achieve my goal of limiting access to the manager app to only
my IP.
> 
> Of course, I do not want the rest of my webapp's access limited (which is on the ROOT
path). I only want access to the manager app limited.
> 
> (I know I can also place the context container in my webapp's META-INF/context.xml file,
is there any preference to doing this over what I suggested above?)
> 
> Thank you
> _
>

That's the proposed solution for it. I don't think that you need the docbase - unless you
don't use the default location.

I think you will have to quote the . in the ip with backslash, like
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="10\.100\.17\.33|10\.100\.88\.92" />

Best regards

Peter
Mime
View raw message