Hi Chris, Thanks again, we don't want to use it at all, and the problem stemmed only from the fact that we have a pen test due and although the manager app wasn't actually accessible (we never changed the tomcat-users file) browsing to the url reported a tomcat standard error page that revealed the tomcat version we are using. That is something they will pick up on during the test and is something we hadnt noticed before.
How would I undeploy the entire app so that browsing to the url /manager/ would not result in a standard error page? -----Original Message----- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: 25 March 2009 13:18 To: Tomcat Users List Subject: Re: URL: /manager/html -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Paul, On 3/25/2009 9:01 AM, Ockleford Paul (NHS Connecting for Health) wrote: > When I say forward on any request that is actually probably a > misleading statement, I changed the url context for the manager web > application to point to our web app that handles any contexts from > that point on. Yeah, I'm confused. Let's start over: Do you want the manager app to run at all? If not, just undeploy it. They you don't have to worry about anyone accessing it. If you do want it to run, but you want people to authenticate against your application before using it, you'll need to set up a more complicated authentication/authorization configuration. If you want the manager app available only for certain people, I would configure the security for the manager app separately from your main application, and lock it down appropriately (for instance, allow connections only from known IPs, etc.). - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAknKLwkACgkQ9CaO5/Lv0PCbMgCaAr4fK8O3mszC1b9LSlQtWrOj fFcAniow7ep1u621HL6si5CszDXRN427 =MRF0 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org ********************************************************************** This message may contain confidential and privileged information. If you are not the intended recipient please accept our apologies. Please do not disclose, copy or distribute information in this e-mail or take any action in reliance on its contents: to do so is strictly prohibited and may be unlawful. Please inform us that this message has gone astray before deleting it. Thank you for your co-operation. NHSmail is used daily by over 100,000 staff in the NHS. Over a million messages are sent every day by the system. To find out why more and more NHS personnel are switching to this NHS Connecting for Health system please visit www.connectingforhealth.nhs.uk/nhsmail ********************************************************************** --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
