svn commit: r1060627 - in /tomcat/trunk/webapps: docs/changelog.xml host-manager/META-INF/context.xml manager/META-INF/context.xml

Tue, 18 Jan 2011 16:01:23 -0800 

Author: markt
Date: Wed Jan 19 00:00:59 2011
New Revision: 1060627

URL: http://svn.apache.org/viewvc?rev=1060627&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=22278
Add a commented out RemoteAddrValve that limits access to the Manager and Host 
Manager applications to localhost.
Based on a patch by Yann Cébron.

Modified:
    tomcat/trunk/webapps/docs/changelog.xml
    tomcat/trunk/webapps/host-manager/META-INF/context.xml
    tomcat/trunk/webapps/manager/META-INF/context.xml

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1060627&r1=1060626&r2=1060627&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Wed Jan 19 00:00:59 2011
@@ -111,6 +111,11 @@
   <subsection name="Web applications">
     <changelog>
       <fix>
+        <bug>22278</bug>: Add a commented out <code>RemoteAddrValve</code> that
+        limits access to the Manager and Host Manager applications to 
localhost.
+        Based on a patch by Yann Cébron. (markt)
+      </fix>
+      <fix>
         Correct a handful of Javadoc warnings. (markt)
       </fix>
       <add>

Modified: tomcat/trunk/webapps/host-manager/META-INF/context.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/host-manager/META-INF/context.xml?rev=1060627&r1=1060626&r2=1060627&view=diff
==============================================================================
--- tomcat/trunk/webapps/host-manager/META-INF/context.xml (original)
+++ tomcat/trunk/webapps/host-manager/META-INF/context.xml Wed Jan 19 00:00:59 
2011
@@ -15,4 +15,13 @@
   See the License for the specific language governing permissions and
   limitations under the License.
 -->
-<Context antiResourceLocking="false" privileged="true" />
+<Context antiResourceLocking="false" privileged="true" >
+  <!--
+    Remove the comment markers from around the Valve below to limit access to
+    the host-manager application to clients connecting from localhost
+  -->
+  <!--
+  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
+         allow="127\.0\.0\.1|::1" />
+  -->
+</Context>
\ No newline at end of file

Modified: tomcat/trunk/webapps/manager/META-INF/context.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/manager/META-INF/context.xml?rev=1060627&r1=1060626&r2=1060627&view=diff
==============================================================================
--- tomcat/trunk/webapps/manager/META-INF/context.xml (original)
+++ tomcat/trunk/webapps/manager/META-INF/context.xml Wed Jan 19 00:00:59 2011
@@ -15,4 +15,13 @@
   See the License for the specific language governing permissions and
   limitations under the License.
 -->
-<Context antiResourceLocking="false" privileged="true" />
+<Context antiResourceLocking="false" privileged="true" >
+  <!--
+    Remove the comment markers from around the Valve below to limit access to
+    the manager application to clients connecting from localhost
+  -->
+  <!--
+  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
+         allow="127\.0\.0\.1|::1" />
+  -->
+</Context>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to