如何限制只有某些IP才能使用Tomcat Manager
01 | < Context docBase = "${catalina.home}/server/webapps/manager" |
02 | privileged = "true" antiResourceLocking = "false" antiJARLocking = "false" > |
03 | < Valve className = "org.apache.catalina.valves.RemoteAddrValve" |
04 | allow = "127.0.0.1,192.168.1.*" /> |
05 |
06 | <!-- Link to the user database we will get roles from --> |
07 | < ResourceLink name = "users" global = "UserDatabase" |
08 | type = "org.apache.catalina.UserDatabase" /> |
09 |
10 | </ Context > |
只需要對原來的manager.xml加上
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127.0.0.1,192.168.1.*"/>
的設定,其中allow是允許的來源IP,如果有兩個以上時用逗號(,)隔開,同一個網段,可用萬用字元星號(*)來表示。
參考資料:
The Apache Tomcat 5.5 Servlet/JSP Container - Manager App HOW-TO
Apache Tomcat Configuration Reference - The Valve Component
Tomcat 7.0的設定方法:
在manager.xml中加入下列設定到Context
如:
參考資料:
http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Remote_Address_Filter
在manager.xml中加入下列設定到Context
1 | <Valve className= "org.apache.catalina.valves.RemoteAddrValve" |
2 | allow= "114\.\d+\.\d+\.\d+" /> |
如:
1 | <Context docBase= "${catalina.home}/webapps/manager" |
2 | privileged= "true" antiResourceLocking= "false" antiJARLocking= "false" > |
3 | <Valve className= "org.apache.catalina.valves.RemoteAddrValve" |
4 | allow= "114\.\d+\.\d+\.\d+" /> |
5 | </Context> |
參考資料:
http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Remote_Address_Filter