Add a commented out RemoteAddrValve that limits access to the Manager and Host Manager applications to localhost.
Based on a patch by Yann Cébron.
git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@
1060627 13f79535-47bb-0310-9956-
ffa450edef68
<subsection name="Web applications">
<changelog>
<fix>
+ <bug>22278</bug>: Add a commented out <code>RemoteAddrValve</code> that
+ limits access to the Manager and Host Manager applications to localhost.
+ Based on a patch by Yann Cébron. (markt)
+ </fix>
+ <fix>
Correct a handful of Javadoc warnings. (markt)
</fix>
<add>
See the License for the specific language governing permissions and
limitations under the License.
-->
-<Context antiResourceLocking="false" privileged="true" />
+<Context antiResourceLocking="false" privileged="true" >
+ <!--
+ Remove the comment markers from around the Valve below to limit access to
+ the host-manager application to clients connecting from localhost
+ -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RemoteAddrValve"
+ allow="127\.0\.0\.1|::1" />
+ -->
+</Context>
\ No newline at end of file
See the License for the specific language governing permissions and
limitations under the License.
-->
-<Context antiResourceLocking="false" privileged="true" />
+<Context antiResourceLocking="false" privileged="true" >
+ <!--
+ Remove the comment markers from around the Valve below to limit access to
+ the manager application to clients connecting from localhost
+ -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RemoteAddrValve"
+ allow="127\.0\.0\.1|::1" />
+ -->
+</Context>
projects / tomcat7.0 / commitdiff