-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Yuval,
On 9/2/16 9:29 AM, Yuval Schwartz wrote: > Thanks. I'll give it a shot and let you guys know how it goes. Any > input on whether I should put this in my applications context.xml > or in my [host] directory? I would do it in the application. Unless you have a particular reason to manually-place the application's context.xml file into conf/[engine]/[host]/[app].xml, allow Tomcat to do that for you. - -chris > On Fri, Sep 2, 2016 at 4:24 PM, Kreuser, Peter > <pkreu...@airplus.com> wrote: > >> Hi Yuval, >> >> >>> -----Ursprüngliche Nachricht----- Von: Yuval Schwartz >>> [mailto:yuval.schwa...@gmail.com] Gesendet: Freitag, 2. >>> September 2016 13:28 An: Tomcat Users List Betreff: Restrict >>> access to manager app by IP >>> >>> Tomcat: 8.0.22 JDK: 1.8.0_05 >>> >>> Hello, >>> >>> I am currently running a web application. >>> >>> I would like to restrict access to the manager app (it is >>> currently >> being hit by spammers every so often who are unable to connect >> (get a message "...an attempt was made to authenticate the locked >> user")). >>> >>> I was thinking of adding a "manager.xml" file to >>> $CATALINA_BASE/conf/[enginename]/[hostname]/ >> that will contain the following context container: >>> >>> <Context privileged="true" docBase="[path_to_manager]"> <Valve >> className="org.apache.catalina.valves.RemoteAddrValve" >>> allow="[my_ip]"/> </Context> >>> >>> Is this the correct way to achieve my goal of limiting access >>> to the >> manager app to only my IP. >>> >>> Of course, I do not want the rest of my webapp's access limited >>> (which >> is on the ROOT path). I only want access to the manager app >> limited. >>> >>> (I know I can also place the context container in my webapp's >> META-INF/context.xml file, is there any preference to doing this >> over what I suggested above?) >>> >>> Thank you _ >>> >> >> That's the proposed solution for it. I don't think that you need >> the docbase - unless you don't use the default location. >> >> I think you will have to quote the . in the ip with backslash, >> like <Valve >> className="org.apache.catalina.valves.RemoteAddrValve" >> allow="10\.100\.17\.33|10\.100\.88\.92" /> >> >> Best regards >> >> Peter >> > -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJXzv0QAAoJEBzwKT+lPKRYzmAP/j8dKzBSD6tVZ/BgIy+zMugt sSKse+GWF52mPs3bhTx6Mghil0pLxCL8kROHUVVPrq8DknGf81qaSsxCqEgi7r6r ZnK8YYG0GAVFbUjDHcBGDtD4jGV+S7Vwfp7CxJqdpuM2XAzU/EX+A2vwsDxm96Hg bNhZ0Dv1xeErKzH+X6zcEeqSGXS411dxfH86zpoQrispygSEzFQ4eZ+qXcg/39rO ukN2L6gkeN0wo4rqLTTIEOz/qoIqWjB7Oi+DQFEZWxSQuFeM2XHZ6XcVR7W6D+zN AmiKuFQp6jrsmnpIaWWdLk5BGAogb0aGTE6sgBhYuutLvB9JA4XqCq57fzlR8y58 eR2hoTlEdqs8hSvllOBpyYoZdoOlpdCEHoTc/6LEMP+JIFL7QAy+/wQNXJv8XeQ7 BKFlkSceNvRWLdYFi4q2aVIgr1ZtgzP5VwZjMNVyeO5/oYzKp0PS7+3s52rBs3At Jj7WuqUDob6ZMp5Q4DgM2SCK1xe0Q1bgooJMC8zaxyyzfPcY1i3DiIls/RTXPd47 fGnHEIHSrkDbsMq3Jxr+3pCWukZqRsnWcMIzORRHWEGlDF2NidnC5h1M7y0p7yhO erjwuLmDwwNZzpWMhjjMPB6avoiy46wa+lhIjbCyuCLiJGp1gIkFfcIUsvXxkKFq BYUo344Ks4Vjvk40V1Nz =gIMk -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
