On 15/11/2022 17:41, James H. H. Lampert wrote:
> We have Tomcat running on an AWS EC2 Linux box.
>
> I can get into manager from the office IP address, with the usual prompt for user and password, but the boss, working from home, gets "You don't have permission to access this resource."
>
> Is this from Tomcat, or is it from something else?

Lots of guesswork here.

I think, something else.

> Looking at the context.xml for manager, I see:
>
> <Valve className="org.apache.catalina.valves.RemoteAddrValve"
>           allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
>
> From what little I know about this, my own ability to get in is more puzzling than my boss's inability to do so. Any insights on that?

Tomcat will be behind some sort of load-balancer. Requests from the load-balancer may appear to be coming from localhost. Have a look at the Tomcat access logs for the client IP addresses.

My guess is the load-balancer is enforcing the access controls.

Or maybe you are using a VPN to connect to the Tomcat instance. Or ssh with port redirection or ...

> I never did learn how to write a RemoteAddrValve allow clause (so we've just been disabling it); assuming we want to accept connections from "1.2.3.4" and "5.6.7.8", could somebody show me what the allow clause would look like?

"1\.2\.3\.4|5\.6\.7\.8"

It is a Java regular expression.

Mark
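
An added example, not part of the original message or of Tomcat's code: it runs the two allow patterns quoted in the thread against constructed client addresses with java.util.regex, showing why a request relayed from the same host passes the default manager pattern while an outside address does not. The class name, the `allowed` helper and the sample addresses are assumptions made for illustration, as is the use of whole-string matching via `Matcher.matches()`.

```java
import java.util.List;
import java.util.regex.Pattern;

public class AllowClauseCheck {
    // Patterns from the thread. In context.xml each backslash is written once;
    // inside a Java string literal it has to be doubled.
    static final Pattern DEFAULT_MANAGER =
            Pattern.compile("127\\.\\d+\\.\\d+\\.\\d+|::1|0:0:0:0:0:0:0:1");
    static final Pattern TWO_ADDRESSES =
            Pattern.compile("1\\.2\\.3\\.4|5\\.6\\.7\\.8");

    // Hypothetical helper. Assumption: the address must match the pattern as a
    // whole string (Matcher.matches()), not merely contain a matching part.
    static boolean allowed(Pattern allow, String remoteAddr) {
        return allow.matcher(remoteAddr).matches();
    }

    public static void main(String[] args) {
        // Constructed sample addresses, not taken from any real access log.
        List<String> clients = List.of(
                "127.0.0.1",    // request relayed by a proxy on the same host
                "::1",          // IPv6 loopback
                "1.2.3.4",
                "5.6.7.8",
                "1.2.3.40",     // one extra digit: no whole-string match
                "11.2.3.4",     // one leading digit: no whole-string match
                "203.0.113.7"); // documentation-range address standing in for a home connection

        System.out.printf("%-14s %-10s %s%n", "remoteAddr", "default", "two-address");
        for (String addr : clients) {
            System.out.printf("%-14s %-10s %s%n", addr,
                    allowed(DEFAULT_MANAGER, addr) ? "allow" : "deny",
                    allowed(TWO_ADDRESSES, addr) ? "allow" : "deny");
        }
    }
}
```

The address to feed into such a check is the one recorded in the Tomcat access log, since that is the client address the valve is given.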
