Hi Yuval,

> -----Ursprüngliche Nachricht-----
> Von: Yuval Schwartz [mailto:yuval.schwa...@gmail.com] 
> Gesendet: Freitag, 2. September 2016 13:28
> An: Tomcat Users List
> Betreff: Restrict access to manager app by IP
> 
> Tomcat: 8.0.22
> JDK: 1.8.0_05
> 
> Hello,
> 
> I am currently running a web application.
> 
> I would like to restrict access to the manager app (it is currently being hit 
> by spammers every so often who are unable to connect (get a message "...an 
> attempt was made to authenticate the locked user")).
> 
> I was thinking of adding a "manager.xml" file to 
> $CATALINA_BASE/conf/[enginename]/[hostname]/ that will contain the following 
> context container:
> 
> <Context privileged="true" docBase="[path_to_manager]"> <Valve 
> className="org.apache.catalina.valves.RemoteAddrValve"
>  allow="[my_ip]"/>
> </Context>
> 
> Is this the correct way to achieve my goal of limiting access to the manager 
> app to only my IP.
> 
> Of course, I do not want the rest of my webapp's access limited (which is on 
> the ROOT path). I only want access to the manager app limited.
> 
> (I know I can also place the context container in my webapp's 
> META-INF/context.xml file, is there any preference to doing this over what I 
> suggested above?)
> 
> Thank you
> _
>

That's the proposed solution for it. I don't think that you need the docbase - 
unless you don't use the default location.

I think you will have to quote the . in the ip with backslash, like
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="10\.100\.17\.33|10\.100\.88\.92" />

Best regards

Peter

Reply via email to