-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Mark,
On 9/6/16 2:23 PM, Mark Thomas wrote: > On 06/09/2016 18:29, Christopher Schultz wrote: >> Yuval, >> >> On 9/2/16 9:29 AM, Yuval Schwartz wrote: >>> Thanks. I'll give it a shot and let you guys know how it goes. >>> Any input on whether I should put this in my applications >>> context.xml or in my [host] directory? >> >> I would do it in the application. Unless you have a particular >> reason to manually-place the application's context.xml file into >> conf/[engine]/[host]/[app].xml, allow Tomcat to do that for you. > > Tomcat no longer copies context.xml by default. Even better: there's no confusion over which file will take effect, then . - -chris >>> On Fri, Sep 2, 2016 at 4:24 PM, Kreuser, Peter >>> <pkreu...@airplus.com> wrote: >> >>>> Hi Yuval, >>>> >>>> >>>>> -----Ursprüngliche Nachricht----- Von: Yuval Schwartz >>>>> [mailto:yuval.schwa...@gmail.com] Gesendet: Freitag, 2. >>>>> September 2016 13:28 An: Tomcat Users List Betreff: >>>>> Restrict access to manager app by IP >>>>> >>>>> Tomcat: 8.0.22 JDK: 1.8.0_05 >>>>> >>>>> Hello, >>>>> >>>>> I am currently running a web application. >>>>> >>>>> I would like to restrict access to the manager app (it is >>>>> currently >>>> being hit by spammers every so often who are unable to >>>> connect (get a message "...an attempt was made to >>>> authenticate the locked user")). >>>>> >>>>> I was thinking of adding a "manager.xml" file to >>>>> $CATALINA_BASE/conf/[enginename]/[hostname]/ >>>> that will contain the following context container: >>>>> >>>>> <Context privileged="true" docBase="[path_to_manager]"> >>>>> <Valve >>>> className="org.apache.catalina.valves.RemoteAddrValve" >>>>> allow="[my_ip]"/> </Context> >>>>> >>>>> Is this the correct way to achieve my goal of limiting >>>>> access to the >>>> manager app to only my IP. >>>>> >>>>> Of course, I do not want the rest of my webapp's access >>>>> limited (which >>>> is on the ROOT path). I only want access to the manager app >>>> limited. >>>>> >>>>> (I know I can also place the context container in my >>>>> webapp's >>>> META-INF/context.xml file, is there any preference to doing >>>> this over what I suggested above?) >>>>> >>>>> Thank you _ >>>>> >>>> >>>> That's the proposed solution for it. I don't think that you >>>> need the docbase - unless you don't use the default >>>> location. >>>> >>>> I think you will have to quote the . in the ip with >>>> backslash, like <Valve >>>> className="org.apache.catalina.valves.RemoteAddrValve" >>>> allow="10\.100\.17\.33|10\.100\.88\.92" /> >>>> >>>> Best regards >>>> >>>> Peter >>>> >> >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJXzw/1AAoJEBzwKT+lPKRYhKwQAJ1isb7hLnjzol2dlgGbKhNy eWTG+ND5CSyVcuSDZ8PyDUuURS3XLS6cb96VIOSyY6KoAzyAXfVqvnhsOj1k/hVx SUxQBzbLG13RcPhzwJGUw/+0rb43Dj4A05yHnVxI1icOQHZ69ntEsAP1ZBV/OatP F3bIiipEfB7D1aMabXdUzuJNkjooJaJfwITIQfYi/B9CCme1WDAPf6yEAZ2BPVbh /IM/ym/fEJUjCoBTlou0bJlcTLXrKGkadTzFckeQst95myg9lSGoaGQ+V9OkeNcl 2H5BJRsmrYGM5jkR7FWcOy0rLxw0baCqIN8pMxsJ991TIS98ajOKz/ztJAPuzw/U iljQ0RG0nR21Cz2fWGW2BA1uv5MG46YQQM7Tf1rll4Jg2/gJIH+QNDZ7lfJQMGX3 pkzAsNQ7cljOX0BdQJeTUA1l/u3ZwD1wjsv0736RP7YXTMjGRqIqKTDanS9Htc7a 783pYOk90Eb1lp54KLJvdhlV9WaST2RCymnt2uCR5n3Hq9dJz5Olg8HGoEKCzTw2 eI5MIhLUnTx1CZWewwy7sWjMFICJRbdI6nAlyuJBjQxEKKRsIqFk91iThcOUIxs6 fJum7wxts2Y9kZm7AceU2EIELp2vemncv9GBTw7XsfCagqafB+2/2clfZ+t9jmtU TD5nnWLSx684PBw1SGqY =bYV4 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
