FH wrote:
> This past week is my first experience/time working w/ tomcat so please bear w/
> me. I think I have most of it figured out, the server seems to be running ok
> and I've successfully limited the connections to it to ssl only by a couple of
> hacks to the server.xml config file[1] The one final thing I can't quite
> figure out is how to limit access to the admin and manager pages to either the
> local host or a specific set of IPs. From looking around various help
> sites/FAQs it seems to have something to do w/ a setting like this:
>
> <Context path="/manager" debug="0" privileged="true"
>          docBase="/usr/local/kinetic/tomcat4/server/webapps/manager">
>   <Valve className="org.apache.catalina.valves.RemoteAddrValve"
>          allow="127.0.0.1"/>
> </Context>
>
> What I don't know though, and can't find an example of off hand, is where does
> this line go? In the $TOMCAT/conf/server.xml file right?

It can do. Not the best place for it but it will work. See
http://tomcat.apache.org/tomcat-5.5-doc/config/context.html for other
placement options.

> Just in there in
> general or do I have to associate it specifically w/ the connector on 8080
> (which btw is the only one allowed in by the firewall)?

Again, http://tomcat.apache.org/tomcat-5.5-doc/config/context.html

> Also if I want to
> limit access to both the manager and admin webapps to specific IPs do I have
> to do two different <Context> settings or can I do just one.

You would have to do it for each.

> Any hints/clues/suggestions are appreciated
> Thanks

Have another read of http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html
In particular the text that states:

<quote>
A comma-separated list of regular expression patterns that the remote client's
IP address is compared to. If this attribute is specified, the remote address
MUST match for this request to be accepted. If this attribute is not specified,
all requests will be accepted UNLESS the remote address matches a deny pattern.
</quote>

The period is a reserved character in a regular expression so you will need to
use something like allow="127\.0\.0\.1"

Mark
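
Added example, not part of the original thread and not Tomcat's own code: a small Python model of the allow/deny rule quoted above, used to check a candidate `allow` value against sample client addresses before it goes into a `<Valve>`. It assumes each pattern must match the whole address and that deny patterns are checked first; the function names, the subnet pattern and the addresses are constructed for illustration.

```python
import re


def split_patterns(attr):
    """Compile a comma-separated attribute value into regex patterns."""
    return [re.compile(p.strip()) for p in attr.split(",") if p.strip()]


def is_accepted(remote_addr, allow="", deny=""):
    """Model of the quoted rule (not Tomcat's implementation).

    Assumptions: a pattern must match the entire address, and a deny
    match rejects the request before the allow list is consulted.
    """
    if any(p.fullmatch(remote_addr) for p in split_patterns(deny)):
        return False
    allows = split_patterns(allow)
    if allows:
        # allow is specified: the address MUST match one of its patterns
        return any(p.fullmatch(remote_addr) for p in allows)
    # allow not specified: accepted unless a deny pattern matched
    return True


# Constructed sample values: localhost plus an intended 10.1.x.x range.
UNESCAPED = "127.0.0.1,10.1..*"         # '.' matches any character
ESCAPED = r"127\.0\.0\.1,10\.1\..*"     # '\.' matches a literal period
CLIENTS = ["127.0.0.1", "10.1.2.3", "10.10.2.3", "192.168.5.9"]


def audit(allow):
    """Return {address: accepted?} for the constructed client list."""
    return {addr: is_accepted(addr, allow=allow) for addr in CLIENTS}


if __name__ == "__main__":
    for label, allow in (("unescaped", UNESCAPED), ("escaped", ESCAPED)):
        print(label, audit(allow))
```

With the unescaped value, 10.10.2.3 is accepted even though it lies outside the intended range; the escaped value rejects it.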