Restrict Access to Your Tomcat Web Application

Abhi Joshi
We are still using Tomcat 6.0 and plan to move to the latest version by next year. The problem with the current version is setting up access denial for our web application.

I tried adding a valve in the webapps/META-INF/context.xml file as below, but nothing works. Can you please provide a fix?

<Context antiJARLocking="true" path="/">
    <Valve className="org.apache.catalina.valves.RemoteIpValve" />
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="{IP_address}" />
</Context>

Or

<Context antiResourceLocking="false" privileged="true">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1,8\.8\.4\..*"/>
</Context>



Do you guys have any other solution? I want to restrict outside users from accessing the Manager view so that it is accessible only from localhost.

Best Regards
Top Expert 2007

Commented:
The manager webapp? I thought Tomcat didn't allow access to it except from a browser on the server on which manager is running? Are you sure you can get to it externally? Or is this the case that you want to get to it externally, but need to restrict the allowed IPs which can do that?

Per your question, Tomcat won't pick up your context unless you name it correctly. The file name, and your reference to it. We can't tell from what you've posted, but something like:
* create file conf/Catalina/localhost/manager.xml

manager.xml should look something like this:
<Context privileged="true" antiResourceLocking="false"
         docBase="${catalina.home}/webapps/manager">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="^.*$" />
</Context>

You change the allow= regular expression to match the ip address you want.
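
One way to check what an allow= pattern admits before deploying it, as an added example that is not part of the original answer. The Python sketch below assumes Tomcat 6 reads allow/deny as comma-separated regular expressions matched against the whole remote address (deny checked first), that an IPv6 loopback client shows up as 0:0:0:0:0:0:0:1, and that Python's re behaves like java.util.regex for simple address patterns; the sample XML and client addresses are constructed.

```python
import re
import xml.etree.ElementTree as ET

VALVE = "org.apache.catalina.valves.RemoteAddrValve"

# Constructed samples: the answer's wide-open pattern and a loopback-only one.
OPEN = r'''<Context privileged="true" antiResourceLocking="false"
         docBase="${catalina.home}/webapps/manager">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="^.*$" />
</Context>'''
LOCAL_ONLY = OPEN.replace("^.*$", r"127\.0\.0\.1,0:0:0:0:0:0:0:1")
CLIENTS = ["127.0.0.1", "0:0:0:0:0:0:0:1", "192.168.1.20", "203.0.113.7"]

def _split(value):
    # Assumption: Tomcat 6 reads allow/deny as a comma-separated regex list.
    return [p.strip() for p in (value or "").split(",") if p.strip()]

def load_patterns(context_xml):
    """Return (allow, deny) from the first RemoteAddrValve, or None if absent."""
    for valve in ET.fromstring(context_xml).iter("Valve"):
        if valve.get("className") == VALVE:
            return _split(valve.get("allow")), _split(valve.get("deny"))
    return None

def admitted(addr, allow, deny):
    """Assumed evaluation order: deny first, then allow, whole-address match."""
    if any(re.fullmatch(p, addr) for p in deny):
        return False
    if any(re.fullmatch(p, addr) for p in allow):
        return True
    return bool(deny) and not allow  # a deny-only valve admits everything else

def audit(context_xml, clients=CLIENTS):
    """Map each client address to True (admitted) or False (403)."""
    patterns = load_patterns(context_xml)
    if patterns is None:  # no valve present: nothing filters by address
        return {c: True for c in clients}
    return {c: admitted(c, *patterns) for c in clients}

if __name__ == "__main__":
    for name, xml in (("open", OPEN), ("local-only", LOCAL_ONLY)):
        print(name, audit(xml))
```

Run against the manager.xml that Tomcat actually loads: a result of True for a non-loopback address means the valve is either missing from that file or its pattern is too broad.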

Author

Commented:
Hey,
Thanks for getting back. Actually manager.xml is present inside the manager folder. It's accessible from everywhere but requires the manager pwd and username. I just want to limit it to localhost, and a remote host should not be able to get it. I tried adding a valve inside manager.xml but not sure why it's not getting read by the system.
Please let me know if need more details.

Best Regards
