Bug 59672 - Documentation followup to enabling RemoteAddrValve in Manager and HostManager
Summary: Documentation followup to enabling RemoteAddrValve in Manager and HostManager
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 9
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 9.0.0.M6
Hardware: PC All
: P2 minor (vote)
Target Milestone: -----
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-06-08 01:21 UTC by Konstantin Kolinko
Modified: 2016-06-23 20:18 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Konstantin Kolinko 2016-06-08 01:21:02 UTC
Since r1734267 a RemoteAddrValve.is configured by default in Manager and HostManager web applications. This feature is present in 9.0.0.M4 and 8.5.0 onwards.

1)
http://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Securing_Management_Applications

says:
[quote]
Uncomment the RemoteAddrValve in /META-INF/context.xml which limits access to localhost. 
[/quote]

The quoted text has to be updated.

1. Maybe s/Uncomment the/Configure a/.

2. Maybe link to config/context.html, as Context configuration can also be conf/Catalina/localhost/<appname>.xml,  or link to Manager documentation that has a more complete instruction.

http://tomcat.apache.org/tomcat-9.0-doc/manager-howto.html#Configuring_Manager_Application_Access

3. Link to RemoteAddrValve documentation is broken, as target section was renamed in r1642588.

s/valve.html#Remote_Address_Filter/valve.html#Remote_Address_Valve/ or /valve.html#Access_Control/


2) Maybe mention this change in Tomcat 8.5 and 9.0 Migration Guides.
Comment 1 Mark Thomas 2016-06-23 20:18:13 UTC
Fixed in 9.0.x for 9.0.0.M9 onwards and in 8.5.x for 8.5.4 onwards.

The migration section of the main web site has also been updated.