On 24/09/2025 18:12, James H. H. Lampert wrote:
I'm preparing to do a Tomcat update on a customer box, and I find that
I'm unable to reach the manager context.
I have the RemoteAddrValve on the manager set to denyStatus="404" and I
have (with the actual IP addresses redacted):
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|{my office IP}|{another
office ip}" />
but I'm getting blocked with a 404 error.
My best guess is that their firewall is making me look like a different
IP address. And this certainly squares with the fact that I see HTTPS
connections from over 50 IP addresses, none of them my office address.
But is there a way, without shutting down and restarting Tomcat, to find
out what it's seeing me as?
Make a bunch of requests that should get routed to that Tomcat instance
but will result in 404s. Then check the access log for those URLs (they
are hopefully unique) and see what IP address they are associated with.
Or to get a change in the allow clause to
take effect without a restart?
You only need to reload the Manager. If autoDeploy is set to true (the
default) then editing manager/META-INF/context.xml should be enough.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
