Author: markt
Date: Wed Jan 19 00:00:59 2011
New Revision: 1060627
URL: http://svn.apache.org/viewvc?rev=1060627&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=22278
Add a commented out RemoteAddrValve that limits access to the Manager and Host
Manager applications to localhost.
Based on a patch by Yann Cébron.
Modified:
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/host-manager/META-INF/context.xml
tomcat/trunk/webapps/manager/META-INF/context.xml
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1060627&r1=1060626&r2=1060627&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Wed Jan 19 00:00:59 2011
@@ -111,6 +111,11 @@
<subsection name="Web applications">
<changelog>
<fix>
+ <bug>22278</bug>: Add a commented out <code>RemoteAddrValve</code> that
+ limits access to the Manager and Host Manager applications to
localhost.
+ Based on a patch by Yann Cébron. (markt)
+ </fix>
+ <fix>
Correct a handful of Javadoc warnings. (markt)
</fix>
<add>
Modified: tomcat/trunk/webapps/host-manager/META-INF/context.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/host-manager/META-INF/context.xml?rev=1060627&r1=1060626&r2=1060627&view=diff
==============================================================================
--- tomcat/trunk/webapps/host-manager/META-INF/context.xml (original)
+++ tomcat/trunk/webapps/host-manager/META-INF/context.xml Wed Jan 19 00:00:59
2011
@@ -15,4 +15,13 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<Context antiResourceLocking="false" privileged="true" />
+<Context antiResourceLocking="false" privileged="true" >
+ <!--
+ Remove the comment markers from around the Valve below to limit access to
+ the host-manager application to clients connecting from localhost
+ -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RemoteAddrValve"
+ allow="127\.0\.0\.1|::1" />
+ -->
+</Context>
\ No newline at end of file
Modified: tomcat/trunk/webapps/manager/META-INF/context.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/manager/META-INF/context.xml?rev=1060627&r1=1060626&r2=1060627&view=diff
==============================================================================
--- tomcat/trunk/webapps/manager/META-INF/context.xml (original)
+++ tomcat/trunk/webapps/manager/META-INF/context.xml Wed Jan 19 00:00:59 2011
@@ -15,4 +15,13 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<Context antiResourceLocking="false" privileged="true" />
+<Context antiResourceLocking="false" privileged="true" >
+ <!--
+ Remove the comment markers from around the Valve below to limit access to
+ the manager application to clients connecting from localhost
+ -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RemoteAddrValve"
+ allow="127\.0\.0\.1|::1" />
+ -->
+</Context>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
