Thanks for the reply Chuck. I don't want to replace the default ROOT webapp, in other words, I don't want my specific webapp to be ROOT app. But I would like to restrict/hide information normally exposed by the default ROOT webapp. I am thinking about renaming ROOT directory to some other-random-name and restrict access to other-random-name using IP filtering. Any suggestions or comments?
Also, an unrelated question to IP filtering, but related manager webapp. I removed 'manager' from webapps directory. Now I am not able to access http://hostname/manager , but http://hostname/manager/html works. I am not following how second link is working? Am I missing anything? Thanks, jM. On Sat, Jul 17, 2010 at 11:30 PM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: Johan Martinez [mailto:jmart...@gmail.com] > > Subject: IP based request filters for admin/manager > > > > How can I deny access to default welcome/index page, > > changelog, release-notes etc.? > > If you're deploying Tomcat in any kind of environment that requires > securing access to various components, you would normally replace the > default webapp (ROOT) with one of your own, thereby eliminating the > changelog, release-notes, etc. > > If you want to restrict access to specific resources within a webapp, use > the servlet-spec defined mechanisms to configure security for the webapp. > (Some familiarity with the servlet spec is required before fooling around > with a servlet container such as Tomcat.) > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
