Abhi Joshi


Restrict Access to Your Tomcat Web Application

We are still using Tomcat 6.0 and plan to move to the latest version by next year. The problem with the current version is setting access deny for our web application.

I tried adding a valve in the webapps/META-INF/context.xml file as below, but nothing works. Can you please provide a fix?

<Context antiJARLocking="true" path="/">
<Valve className="org.apache.catalina.valves.RemoteIpValve" />
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="{IP_address}" />
</Context>

Or

<Context antiResourceLocking="false" privileged="true">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1,8\.8\.4\..*"/>
</Context>



Do you guys have any other solution? I want to restrict outside users from accessing the Manager view, so that it is accessible only from localhost.

Best Regards
mrcoffee365

The manager webapp? I thought Tomcat didn't allow access to it except from a browser on the server on which manager is running? Are you sure you can get to it externally? Or is this the case that you want to get to it externally, but need to restrict the allowed IPs which can do that?

Per your question, Tomcat won't pick up your context unless you name it correctly: the file name, and your reference to it. We can't tell from what you've posted, but something like:
* create file conf/Catalina/localhost/manager.xml

manager.xml should look something like this:
<Context privileged="true" antiResourceLocking="false"
         docBase="${catalina.home}/webapps/manager">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="^.*$" />
</Context>

You change the allow= regular expression to match the ip address you want.
Abhi Joshi

ASKER

Hey,
Thanks for getting back. Actually, manager.xml is present inside the manager folder. It's accessible from everywhere but requires the manager password and username. I just want to limit it to localhost, and a remote host should not be able to get to it. I tried adding a valve inside manager.xml but I'm not sure why it's not getting read by the system.
Please let me know if you need more details.

Best Regards
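
An added example, not code from any poster in this thread: a small Python check that parses a context file, takes the allow value of each RemoteAddrValve, and reports which of a set of constructed sample addresses it would admit, including the IPv6 loopback form Tomcat reports for some localhost connections. It assumes Tomcat 6 handling (allow is a comma-separated list of regular expressions, each matched against the whole address), ignores deny, and uses Python's re in place of java.util.regex; LOCALHOST_ONLY is a constructed localhost-only setting.

```python
import re
import xml.etree.ElementTree as ET

ADDR_VALVE = "org.apache.catalina.valves.RemoteAddrValve"

# Constructed sample addresses: both loopback forms, then remote clients.
LOOPBACK = ["127.0.0.1", "0:0:0:0:0:0:0:1"]
REMOTE = ["8.8.4.4", "10.0.0.5", "192.168.1.20"]

# The template from the answer above: this pattern matches every address.
ANSWER_TEMPLATE = r'''<Context privileged="true" antiResourceLocking="false"
         docBase="${catalina.home}/webapps/manager">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="^.*$" />
</Context>'''

# The second snippet from the question.
ASKER_ALLOW = r'''<Context antiResourceLocking="false" privileged="true">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1,8\.8\.4\..*"/>
</Context>'''

# Constructed example: loopback only, IPv4 and IPv6.
LOCALHOST_ONLY = r'''<Context antiResourceLocking="false" privileged="true">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1,0:0:0:0:0:0:0:1"/>
</Context>'''


def valve_allows(context_xml):
    """Return one list of compiled allow patterns per RemoteAddrValve found."""
    root = ET.fromstring(context_xml)
    return [
        [re.compile(p.strip()) for p in v.get("allow", "").split(",") if p.strip()]
        for v in root.iter("Valve")
        if v.get("className") == ADDR_VALVE
    ]


def admitted(context_xml, addresses):
    """Addresses that every RemoteAddrValve in the file would let through."""
    valves = valve_allows(context_xml)
    # No valve at all means no address filtering, so everything passes.
    return [a for a in addresses
            if all(any(p.fullmatch(a) for p in pats) for pats in valves)]


if __name__ == "__main__":
    for name in ("ANSWER_TEMPLATE", "ASKER_ALLOW", "LOCALHOST_ONLY"):
        print(name, "admits", admitted(globals()[name], LOOPBACK + REMOTE))
```

Run it against the file Tomcat actually loads for the manager application; a correct allow value in a file Tomcat never reads changes nothing.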