On 19/01/2011 00:00, ma...@apache.org wrote: > Author: markt > Date: Wed Jan 19 00:00:59 2011 > New Revision: 1060627 > > URL: http://svn.apache.org/viewvc?rev=1060627&view=rev > Log: > Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=22278 > Add a commented out RemoteAddrValve that limits access to the Manager and > Host Manager applications to localhost. > Based on a patch by Yann Cébron.
I thought about extending this and enabling the Valve by default along with adding additional information to the 403 error page. Whilst I like to from a security point of view, I do wonder how much stuff it would break for users and how much traffic it would generate on the users list. Thoughts? Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org