+1 - It might be nice to match 127.0.0.[0-9]{1,3} so it is more virtual
machine friendly for those who map localhost to an alternate loopback
address.
-Tim
On 1/18/2011 7:04 PM, Mark Thomas wrote:
On 19/01/2011 00:00, ma...@apache.org wrote:
Author: markt
Date: Wed Jan 19 00:00:59 2011
New Revision: 1060627
URL: http://svn.apache.org/viewvc?rev=1060627&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=22278
Add a commented out RemoteAddrValve that limits access to the Manager and Host
Manager applications to localhost.
Based on a patch by Yann Cébron.
I thought about extending this and enabling the Valve by default along
with adding additional information to the 403 error page.
Whilst I like to from a security point of view, I do wonder how much
stuff it would break for users and how much traffic it would generate on
the users list.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
