> From: Johan Martinez [mailto:jmart...@gmail.com] > Subject: Re: IP based request filters for admin/manager > > I don't want to replace the default ROOT webapp, in other > words, I don't want my specific webapp to be ROOT app.
A little odd, but if that's your choice... > But I would like to restrict/hide information normally > exposed by the default ROOT webapp. All of what Tomcat's default ROOT has, or just some of it? For all of it, just place a <Context> element in webapps/ROOT/META-INF/context.xml, configuring the valve you already know about. (Do not use path or docBase attributes here - they're not allowed.) If you only want to restrict some of it, but don't want to use authentication, you'll need to write a more sophisticated filter. There's no need to move or rename ROOT, unless you're just trying to obscure things (and security through obscurity is a fool's game). > I removed 'manager' from webapps directory. What version of Tomcat are you using? If you're using 5.5.x (hinted at by your previous message's reference to a doc page), the manager webapp is in server/webapps, not the regular webapps directory. If you're using a newer Tomcat (and you probably should be), manager is under the regular webapps directory. > Now I am not able to access http://hostname/manager You never could - that will always get you a 404 (at least until Tomcat 7.0.1 comes out). > but http://hostname/manager/html works. That's the valid URL for the manager GUI. Looks like you didn't really get rid of it. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
