0

I have Tomcat 6 installed on a server with multiple network interfaces; one is public-facing, and the other is on our internal network. Is there a way to configure Tomcat such that internal users are allowed to (attempt to) log in to the manager tool but users from the public internet receive an HTTP 403 or similar? I'm completely new to Tomcat and have been attempting to understand the documentation, but have had limited success.

Dan O

2 Answers

1

You can restrict by source in the Tomcat manager configuration: ${tomcat_home}/conf/Catalina/localhost/manager.xml

Example

<Context antiResourceLocking="false" privileged="true">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1,8\.8\.4\..*"/>
</Context>

127.0.0.1 and 8.8.4.* are allowed; everything else gets a 403. The value of allow is a comma-separated regular expression.

h0tw1r3
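
A way to check an allow list like the one in the answer above before deploying it, as an added example that is not part of the original answer or of Tomcat. It assumes the comma-split described in the answer and that each entry must match the whole remote address; the function names and the sample addresses are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

VALVE = "org.apache.catalina.valves.RemoteAddrValve"

# Constructed sample: the answer's context file, and a copy with the backslashes dropped.
ESCAPED = r'''<Context antiResourceLocking="false" privileged="true">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1,8\.8\.4\..*"/>
</Context>'''
UNESCAPED = ESCAPED.replace("\\", "")


def allow_patterns(context_xml):
    """Return the valve's allow entries, split on commas as the answer describes."""
    root = ET.fromstring(context_xml)
    patterns = []
    for valve in root.iter("Valve"):
        if valve.get("className") == VALVE:
            patterns += [p.strip() for p in valve.get("allow", "").split(",") if p.strip()]
    return patterns


def is_allowed(context_xml, remote_addr):
    """Assumption: an address passes if any entry matches it in full."""
    return any(re.fullmatch(p, remote_addr) for p in allow_patterns(context_xml))


def unescaped_dots(context_xml):
    """Heuristic: entries with a '.' that is neither escaped nor followed by a quantifier."""
    return [p for p in allow_patterns(context_xml)
            if re.search(r"(?<!\\)\.(?![*+?{])", p)]


if __name__ == "__main__":
    # 8.8.41.5 is outside 8.8.4.* but passes once the dots are left unescaped.
    for label, xml in (("escaped", ESCAPED), ("unescaped", UNESCAPED)):
        for addr in ("127.0.0.1", "8.8.4.25", "8.8.41.5", "203.0.113.7"):
            print(label, addr, "allow" if is_allowed(xml, addr) else "403")
        print(label, "entries to review:", unescaped_dots(xml))
```
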
0

If you have more than one interface and you want to restrict it, set up a separate connector for that app to run on with the address= directive in the connector.

HTH

Kobus

Kobus