Bug 59672

Summary: Documentation followup to enabling RemoteAddrValve in Manager and HostManager
Product: Tomcat 9 Reporter: Konstantin Kolinko <knst.kolinko>
Component: CatalinaAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: minor    
Priority: P2    
Version: 9.0.0.M6   
Target Milestone: -----   
Hardware: PC   
OS: All   

Description Konstantin Kolinko 2016-06-08 01:21:02 UTC
Since r1734267 a RemoteAddrValve.is configured by default in Manager and HostManager web applications. This feature is present in 9.0.0.M4 and 8.5.0 onwards.

1)
http://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Securing_Management_Applications

says:
[quote]
Uncomment the RemoteAddrValve in /META-INF/context.xml which limits access to localhost. 
[/quote]

The quoted text has to be updated.

1. Maybe s/Uncomment the/Configure a/.

2. Maybe link to config/context.html, as Context configuration can also be conf/Catalina/localhost/<appname>.xml,  or link to Manager documentation that has a more complete instruction.

http://tomcat.apache.org/tomcat-9.0-doc/manager-howto.html#Configuring_Manager_Application_Access

3. Link to RemoteAddrValve documentation is broken, as target section was renamed in r1642588.

s/valve.html#Remote_Address_Filter/valve.html#Remote_Address_Valve/ or /valve.html#Access_Control/


2) Maybe mention this change in Tomcat 8.5 and 9.0 Migration Guides.
Comment 1 Mark Thomas 2016-06-23 20:18:13 UTC
Fixed in 9.0.x for 9.0.0.M9 onwards and in 8.5.x for 8.5.4 onwards.

The migration section of the main web site has also been updated.