Re: How to restrict access to specific webapp + denyStatus
Ohh, I see now! Thanks Mark and André! I'll plan to upgrade it! Diego On 10 Mar 2017, at 07:10, André Warnier (tomcat) <a...@ice-sa.com> wrote: > On 10.03.2017 11:04, Diego Gomes wrote: > Thanks Mark! > > In that link just say that is possible, but do not say how to get 404 and not > 403. No, what that link says, it that the denyStatus feature was only introduced in a later version of tomcat 7, than the one you are using. You should at least upgrade to the latest available tomcat 7 version, and preferably to the latest available tomcat version. See here : http://tomcat.apache.org/whichversion.html > > Diego > > On 10 Mar 2017, at 06:17, Mark Thomas <ma...@apache.org> wrote: > > On 09/03/17 23:51, Diego Gomes wrote: > > > >> My questions: >> >> - For the first statement, that configuration I did (Student.xml) is >> the correct way? > > Yes. > >> - Why the 404 denyStatus is not working? >> >> I am running tomcat 7.0.11 > > http://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?view=log > > Search for "denyStatus" > > Mark > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to restrict access to specific webapp + denyStatus
Thanks Mark! In that link just say that is possible, but do not say how to get 404 and not 403. Diego On 10 Mar 2017, at 06:17, Mark Thomas <ma...@apache.org> wrote: On 09/03/17 23:51, Diego Gomes wrote: > My questions: > > - For the first statement, that configuration I did (Student.xml) is > the correct way? Yes. > - Why the 404 denyStatus is not working? > > I am running tomcat 7.0.11 http://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?view=log Search for "denyStatus" Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
How to restrict access to specific webapp + denyStatus
Hello guys! inside of my "/opt/tomcat7/webapps/" folder, I have many apps over there I would like to protect for instance, "Student" (/opt/tomcat7/webapps/Student) app to only allow specific IP address, so I did: "# vi /opt/tomcat7/conf/Catalina/localhost/Student.xml" and addedd: It is working, I am not able to access the https://server.domain.com/Student while I am not source = 127.0.0.1 [] But, My HTTP Status on Browser, does not show 404, always saying 403... My questions: - For the first statement, that configuration I did (Student.xml) is the correct way? - Why the 404 denyStatus is not working? I am running tomcat 7.0.11 Thanks! Diego
Protect Management
Hi all!!! I would like to know if is possible to protect/prevent access to https://server.com:PORT/manager from the Internet. I need to keep my webapp working for ANY but the management. server status, etc... just for 192.168.0.0/24 for instance. Is this possible? Another question is, to prevent brute force, there is a LockOutRealm, right? Where should I implement it and how? I am running Tomcat 7.0.70 Thanks! Diego
