mcgitty commented on pull request #367:
URL: https://github.com/apache/tomcat/pull/367#issuecomment-696835594


   Hi Mark,
   
   I found the root cause of the issue. It is the confusion created by this
   paragraph:
   
   > A default Tomcat installation includes the Manager. To add an instance of
   > the Manager web application Context to a new host install the manager.xml
   > context configuration file in the
   > $CATALINA_BASE/conf/[enginename]/[hostname] folder. Here is an example:
   >
   > <Context privileged="true" antiResourceLocking="false"
   >          docBase="${catalina.home}/webapps/manager">
   >   <Valve className="org.apache.catalina.valves.RemoteAddrValve"
   >          allow="127\.0\.0\.1" />
   > </Context>
   >
   If I follow the above instructions to create
   *conf/Catalina/localhost/manager.xml* while having the out of the box
   folder in *${catalina.home}/webapps/manager*, then the "localhost" URL will
   get a "403 Access Denied" error and the "127.0.0.1" URL works. Removing the
   redundant manager.xml file makes both URLs work.
   
   The first sentence does not adequately describe that "a default Tomcat
   installation" means having the out of the box folder
   *${catalina.home}/webapps/manager*, and that users *should not create*
   *conf/Catalina/localhost/manager.xml* *at the same time*. Notice the sample
   manager.xml above points docBase to the default Tomcat installation path of
   manager, which is another pitfall by design.
   
   Thanks
   
   --Michael
   
   On Tue, Sep 22, 2020 at 6:48 AM Mark Thomas <notificati...@github.com>
   wrote:
   
   > The premise of this PR is incorrect. The allow pattern in the
   > RemoteAddrValve has no relationship to the host name used to access the
   > Tomcat instance. The pattern is matched against the client IP address.
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
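
An added example, not part of the original message or of Tomcat's code: a Python model of the check Mark describes, in which the allow pattern is compared with the client IP address and never with the host name in the URL. The whole-string match, the deny-before-allow ordering, the broader pattern and the sample addresses (including the assumption that a "localhost" request arrives from the IPv6 loopback) are assumptions made for illustration.

```python
import re

# Sample allow pattern quoted in the message above (from the Manager docs).
DOC_ALLOW = r"127\.0\.0\.1"
# Constructed for this example: also lists the IPv6 loopback forms.
BROAD_ALLOW = r"127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"

# Constructed client addresses: what the server might record as the remote
# address, depending on how the client reached it.
CLIENTS = {
    "http://127.0.0.1:8080 (IPv4 loopback)": "127.0.0.1",
    "http://localhost:8080 resolved to IPv6 (assumed)": "0:0:0:0:0:0:0:1",
    "http://localhost:8080 resolved to IPv4": "127.0.0.1",
    "remote LAN client": "192.168.1.50",
}


def is_allowed(client_ip, allow=None, deny=None):
    """Model of an allow/deny address filter: deny wins, whole-string match."""
    if deny is not None and re.fullmatch(deny, client_ip):
        return False
    if allow is not None and re.fullmatch(allow, client_ip):
        return True
    # Only a deny list configured: anything not denied passes.
    if deny is not None and allow is None:
        return True
    return False


def audit(allow, deny=None, clients=CLIENTS):
    """Return {description: HTTP status} for each sample client."""
    return {
        how: 200 if is_allowed(ip, allow, deny) else 403
        for how, ip in clients.items()
    }


if __name__ == "__main__":
    for name, pattern in (("doc sample", DOC_ALLOW), ("broad", BROAD_ALLOW)):
        print(name, pattern)
        for how, status in audit(pattern).items():
            print(f"  {status}  {how}")
```

Running an audit like this over a proposed allow pattern before deploying it shows which local and remote addresses the filter would admit.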
