On 06/09/2016 18:29, Christopher Schultz wrote: > Yuval, > > On 9/2/16 9:29 AM, Yuval Schwartz wrote: >> Thanks. I'll give it a shot and let you guys know how it goes. Any >> input on whether I should put this in my applications context.xml >> or in my [host] directory? > > I would do it in the application. Unless you have a particular reason > to manually-place the application's context.xml file into > conf/[engine]/[host]/[app].xml, allow Tomcat to do that for you.
Tomcat no longer copies context.xml by default. Mark > > -chris > >> On Fri, Sep 2, 2016 at 4:24 PM, Kreuser, Peter >> <pkreu...@airplus.com> wrote: > >>> Hi Yuval, >>> >>> >>>> -----Ursprüngliche Nachricht----- Von: Yuval Schwartz >>>> [mailto:yuval.schwa...@gmail.com] Gesendet: Freitag, 2. >>>> September 2016 13:28 An: Tomcat Users List Betreff: Restrict >>>> access to manager app by IP >>>> >>>> Tomcat: 8.0.22 JDK: 1.8.0_05 >>>> >>>> Hello, >>>> >>>> I am currently running a web application. >>>> >>>> I would like to restrict access to the manager app (it is >>>> currently >>> being hit by spammers every so often who are unable to connect >>> (get a message "...an attempt was made to authenticate the locked >>> user")). >>>> >>>> I was thinking of adding a "manager.xml" file to >>>> $CATALINA_BASE/conf/[enginename]/[hostname]/ >>> that will contain the following context container: >>>> >>>> <Context privileged="true" docBase="[path_to_manager]"> <Valve >>> className="org.apache.catalina.valves.RemoteAddrValve" >>>> allow="[my_ip]"/> </Context> >>>> >>>> Is this the correct way to achieve my goal of limiting access >>>> to the >>> manager app to only my IP. >>>> >>>> Of course, I do not want the rest of my webapp's access limited >>>> (which >>> is on the ROOT path). I only want access to the manager app >>> limited. >>>> >>>> (I know I can also place the context container in my webapp's >>> META-INF/context.xml file, is there any preference to doing this >>> over what I suggested above?) >>>> >>>> Thank you _ >>>> >>> >>> That's the proposed solution for it. I don't think that you need >>> the docbase - unless you don't use the default location. >>> >>> I think you will have to quote the . in the ip with backslash, >>> like <Valve >>> className="org.apache.catalina.valves.RemoteAddrValve" >>> allow="10\.100\.17\.33|10\.100\.88\.92" /> >>> >>> Best regards >>> >>> Peter >>> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
