|Summary:||Documentation followup to enabling RemoteAddrValve in Manager and HostManager|
|Product:||Tomcat 9||Reporter:||Konstantin Kolinko <knst.kolinko>|
|Component:||Catalina||Assignee:||Tomcat Developers Mailing List <dev>|
Description Konstantin Kolinko 2016-06-08 01:21:02 UTC
Since r1734267 a RemoteAddrValve.is configured by default in Manager and HostManager web applications. This feature is present in 9.0.0.M4 and 8.5.0 onwards. 1) http://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Securing_Management_Applications says: [quote] Uncomment the RemoteAddrValve in /META-INF/context.xml which limits access to localhost. [/quote] The quoted text has to be updated. 1. Maybe s/Uncomment the/Configure a/. 2. Maybe link to config/context.html, as Context configuration can also be conf/Catalina/localhost/<appname>.xml, or link to Manager documentation that has a more complete instruction. http://tomcat.apache.org/tomcat-9.0-doc/manager-howto.html#Configuring_Manager_Application_Access 3. Link to RemoteAddrValve documentation is broken, as target section was renamed in r1642588. s/valve.html#Remote_Address_Filter/valve.html#Remote_Address_Valve/ or /valve.html#Access_Control/ 2) Maybe mention this change in Tomcat 8.5 and 9.0 Migration Guides.
Comment 1 Mark Thomas 2016-06-23 20:18:13 UTC
Fixed in 9.0.x for 9.0.0.M9 onwards and in 8.5.x for 8.5.4 onwards. The migration section of the main web site has also been updated.