Hello Peter, Thanks. I'll give it a shot and let you guys know how it goes. Any input on whether I should put this in my applications context.xml or in my [host] directory?
Thank you. On Fri, Sep 2, 2016 at 4:24 PM, Kreuser, Peter <pkreu...@airplus.com> wrote: > Hi Yuval, > > > > -----Ursprüngliche Nachricht----- > > Von: Yuval Schwartz [mailto:yuval.schwa...@gmail.com] > > Gesendet: Freitag, 2. September 2016 13:28 > > An: Tomcat Users List > > Betreff: Restrict access to manager app by IP > > > > Tomcat: 8.0.22 > > JDK: 1.8.0_05 > > > > Hello, > > > > I am currently running a web application. > > > > I would like to restrict access to the manager app (it is currently > being hit by spammers every so often who are unable to connect (get a > message "...an attempt was made to authenticate the locked user")). > > > > I was thinking of adding a "manager.xml" file to > > $CATALINA_BASE/conf/[enginename]/[hostname]/ > that will contain the following context container: > > > > <Context privileged="true" docBase="[path_to_manager]"> <Valve > className="org.apache.catalina.valves.RemoteAddrValve" > > allow="[my_ip]"/> > > </Context> > > > > Is this the correct way to achieve my goal of limiting access to the > manager app to only my IP. > > > > Of course, I do not want the rest of my webapp's access limited (which > is on the ROOT path). I only want access to the manager app limited. > > > > (I know I can also place the context container in my webapp's > META-INF/context.xml file, is there any preference to doing this over what > I suggested above?) > > > > Thank you > > _ > > > > That's the proposed solution for it. I don't think that you need the > docbase - unless you don't use the default location. > > I think you will have to quote the . in the ip with backslash, like > <Valve className="org.apache.catalina.valves.RemoteAddrValve" > allow="10\.100\.17\.33|10\.100\.88\.92" /> > > Best regards > > Peter >
