发表新帖
发表新帖

Tomcat: Restrict access to localhost for /just one/ webapp

前端 未结
关注
3 1104
旧巷少年郎
旧巷少年郎 2021-02-05 20:16

I\'m running Tomcat 6 to serve several web apps, most of which are public-facing. But I\'d like to restrict access to just one webapp, allowing connections only from l

相关标签:
3条回答
  • 北海茫月
    2021-02-05 21:03

    Goto following path: C:\Program Files\Apache Software Foundation\Tomcat 6.0\conf\Catalina\localhost\

    Under this path you find " manager.xml " file.

    Edit " manager.xml " file,with following content:

      <Valve className="org.apache.catalina.valves.RemoteAddrValve" 
   allow="127.0.0.1,10.100.1.2"/>

  <!-- Link to the user database we will get roles from
  <ResourceLink name="users" global="UserDatabase" 
    type="org.apache.catalina.UserDatabase"/>
  -->

    ****** save and run server....You got it. NOTE : 127.0.0.1 MEANS YOUR SYSTEM IP 10.100.1.2 -THIS IS YOUR FRIEND

    0 讨论(0)
  • 别那么骄傲
    2021-02-05 21:15

    You can create an individual context.xml for you app.

    This is an excerpt from Tomcat doc on context configuraion: Context elements may be explicitly defined:

    • In the $CATALINA_HOME/conf/context.xml file: the Context element information will be loaded by all webapps. In the $CATALINA_HOME/conf/[enginename]/[hostname]/context.xml.default file: the Context element information will be loaded by all webapps of that host.
    • In individual files (with a .xml extension) in the $CATALINA_HOME/conf/[enginename]/[hostname]/ directory. The name of the file (less the .xml) extension will be used as the context path. Multi-level context paths may be defined using #, e.g. foo#bar.xml for a context path of /foo/bar. The default web application may be defined by using a file called ROOT.xml.
    • Only if a context file does not exist for the application in the $CATALINA_HOME/conf/[enginename]/[hostname]/; in an individual file at /META-INF/context.xml inside the application files. If the web application is packaged as a WAR then /META-INF/context.xml will be copied to $CATALINA_HOME/conf/[enginename]/[hostname]/ and renamed to match the application's context path. Once this file exists, it will not be replaced if a new WAR with a newer /META-INF/context.xml is placed in the host's appBase.
    0 讨论(0)
  • 无人及你
    2021-02-05 21:22

    Allowing localhost didn't work for me. I use RemoteAddrValve instead. Keep in mind that some systems use IPv4 addresses (your filter has to match match 127.0.0.1) while others use IPv6 addresses (match the full address, not abbreviated notations like ::1).

    <Context>
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
           allow="0:0:0:0:0:0:0:1,127\.0\.0\.1" />
</Context>

    The attribute allow takes a regexp, so dots need to be escaped. As explained by Dmitry Negoda, this goes in /META-INF/context.xml.

    0 讨论(0)
 看不清?
提交回复
热议问题