mcgitty commented on pull request #367: URL: https://github.com/apache/tomcat/pull/367#issuecomment-696835594
Hi Mark,

I found the root cause of the issue. It is the confusion created by this paragraph:

> A default Tomcat installation includes the Manager. To add an instance of
> the Manager web application Context to a new host install the manager.xml
> context configuration file in the
> $CATALINA_BASE/conf/[enginename]/[hostname] folder. Here is an example:
>
> <Context privileged="true" antiResourceLocking="false"
>          docBase="${catalina.home}/webapps/manager">
>   <Valve className="org.apache.catalina.valves.RemoteAddrValve"
>          allow="127\.0\.0\.1" />
> </Context>

If I follow the above instructions to create *conf/Catalina/localhost/manager.xml* while having the out-of-the-box folder in *${catalina.home}/webapps/manager*, then the "localhost" URL will get a "403 Access Denied" error and the "127.0.0.1" URL works. Removing the redundant manager.xml file makes both URLs work.

The first sentence does not adequately describe that "a default Tomcat installation" means having the out-of-the-box folder *${catalina.home}/webapps/manager*, and that users *should not create* *conf/Catalina/localhost/manager.xml* *at the same time*.

Notice the sample manager.xml above points docBase to the default Tomcat installation path of manager, which is another pitfall by design.

Thanks
--Michael

On Tue, Sep 22, 2020 at 6:48 AM Mark Thomas <notificati...@github.com> wrote:

> The premise of this PR is incorrect. The allow pattern in the
> RemoteAddrValve has no relationship to the host name used to access the
> Tomcat instance. The pattern is matched against the client IP address.
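The matching rule Mark describes, as an added example that is not part of the thread or of Tomcat's code: a Python model of the valve's deny-then-allow decision, where a pattern must match the whole client address. The client addresses are constructed, and that the "localhost" request arrived over the IPv6 loopback is an assumption the thread does not confirm; `is_allowed`, `report`, `LOOPBACK_ALLOW` and `CLIENTS` are names made up here.

```python
import re

def is_allowed(remote_addr, allow=None, deny=None):
    """Model of the valve's decision: deny is checked first, then allow.

    A pattern has to match the entire address (the behaviour of Java's
    Matcher.matches()), so re.fullmatch is used, not re.search/re.match.
    """
    if deny is not None and re.fullmatch(deny, remote_addr):
        return False
    if allow is not None and re.fullmatch(allow, remote_addr):
        return True
    # Only a deny pattern configured: anything not denied passes.
    # Neither configured, or allow configured but unmatched: rejected.
    return deny is not None and allow is None

# Pattern from the manager.xml quoted in the thread.
THREAD_ALLOW = r"127\.0\.0\.1"
# Constructed alternative that also admits the IPv6 loopback spellings.
LOOPBACK_ALLOW = r"127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"

# Constructed client addresses, keyed by how the request was made.
CLIENTS = {
    "127.0.0.1 URL": "127.0.0.1",
    "localhost URL over IPv6 loopback (assumed)": "0:0:0:0:0:0:0:1",
    "address with the pattern as a prefix": "127.0.0.10",
    "remote client": "192.0.2.10",
}

def report(allow):
    """Return the HTTP status each constructed client would receive."""
    return {name: (200 if is_allowed(addr, allow=allow) else 403)
            for name, addr in CLIENTS.items()}

if __name__ == "__main__":
    for label, pattern in (("thread", THREAD_ALLOW), ("loopback", LOOPBACK_ALLOW)):
        print(label, pattern)
        for name, status in report(pattern).items():
            print(f"  {status}  {name}")
```
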