This past week is my first experience/time working w/ tomcat so please bear w/
me. I think I have most of it figured out, the server seems to be running ok
and I've successfully limited the connections to it to ssl only by a couple of
hacks to the server.xml config file[1] The one final thing I can't quite
figure out is how to limit access to the admin and manager pages to either the
local host or a specific set of IPs. From looking around various help
sites/FAQs it seems to have something to do w/ a setting like this:
<Context path="/manager" debug="0" privileged="true"
docBase="/usr/local/kinetic/tomcat4/server/webapps/manager">
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127.0.0.1"/>
</Context>
What I don't know though, and can't find an example of off hand, is where does
this line go? In the $TOMCAT/conf/server.xml file right? Just in there in
general or do I have to associate it specifically w/ the connector on 8080
(which btw is the only one allowed in by the firewall)? Also if I want to
limit access to both the manager and admin webapps to specific IPs do I have
to do two different <Context> settings or can I do just one. In general
tomcat is being used for the Meeting Maker webapp client so if I want
everything but that client locked down to a specific set of IPs is there an
easier way of doing that? The desired effect would be anyone can access the
MM webapp from anywhere w/o any sort of tomcat based authentication but
everything else served by tomcat (including the index page) would require
authentication (based on the tomcat-users.xml file) and limited to specific
IPs.
Any hints/clues/suggestions are appreciated
Thanks
[1] I'm not sure if this is the "correct" way but this is what I figured out
and it seems to be working. Atleast whenever I try to connect w/o the https
it prompts me to d/l a .bin file. BTW is there any sort of security risk w/
that? I mean if someone d/ls the bin file are they going to be able to get
any info about my config (and specifically the user accounts/passwords)?
<Connector port="8080" maxHttpHeaderSize="8192"
keystoreFile="[removed]" keystorePass="[removed]"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
