2018-07-12 18:24 GMT+03:00 Désilets, Alain <alain.desil...@nrc-cnrc.gc.ca>: >> Where 132.246.129.58 is my IP address. Note that I tried also with >> “132.0.0.0” and with “^.*$” to no avail. > > I should be more precise… > > When I try with “^.*$”, I get same behavior as when I didn’t have a > manager.xml file, ie: > > * Server Status: works > * Manager: opens page but deploying war causes ‘This site can’t be > reached’ > * Host Manager: ‘403 Access Denied’ > > And by “132.0.0.0.”, I actually meant “127.0.0.1”. When I try that from > ‘localhost:8080’, all buttons result in ‘403 Access Denied’. But when I > access the buttons from “127.0.0.1:8080”, I get the same behavior as above
See https://wiki.apache.org/tomcat/FAQ/Troubleshooting_and_Diagnostics#Common_Troubleshooting_Scenario "localhost" name never resolves to "132."something. > /usr/local/apache-tomcat-8.5.4/bin Why 8.5.4??? Why not the current release (8.5.32)? See http://tomcat.apache.org/security-8.html > sudo sh startup.sh; Do not run Tomcat as root! See http://tomcat.apache.org/tomcat-8.5-doc/security-howto.html Delete all temporary files (in the logs, temp and work directories of Tomcat) that might now be owned by root and not writable by a regular user and start over. Note that deploying / undeploying a web application via Manager requires write access to the webapps, work and maybe conf directories for the user running Tomcat java process. > <role rolename="manager"/> > <role rolename="manager-script"/> > <role rolename="manager-gui"/> > <user username="admin" password="admin" roles="manager,manager-script,manager-gui"/> The Manager app in Tomcat 8.5 does not use the "manager" role. The last time it was used was Tomcat 6. Are you sure that you are following a correct manual? The "manager-script" role should be used by automated scripts only. Granting "manager-script" and "manager-gui" to the same user means that CSRF protection (in the Manager web application) for that user will be ineffective. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org