.Maui Blog

Restrict access to Tomcat 9 manager

To prevent access to the Tomcat 9 Manager to all IPs except those authorized, it is necessary to configure the file context.xml of the manager application.

The file should be found in the following path:

/opt/tomcat/webapps/manager/META-INF/context.xml

Edit the file and add the “Valve” node inside the “Context” node specifying the IP you are allowed to access (allow attribute), like this:

<?xml version="1.0" encoding="UTF-8"?>

<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127.0.0.1|123.123.123.123|321.321.321.321" />
  <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
</Context>
Exit mobile version