Disallow access to tomcat's index.jsp to internet users

Question

I do not want internet users to access the tomcats index.jsp.

Say i have a domain as https://www.example.org. Then using https://www.example.org/index.jsp will show the tomcats manager to internet users too.

How can this be prevented ?

score 1 · Accepted Answer · answered Nov 20 '15 at 12:04

You can achieve that using the Tomcat's Remote Address Filter.

Modify the $CATALINA_HOME/conf/Catalina/localhost/manager.xml.

Add the filter like this:

<Context
    path="/manager"
    docBase="${catalina.home}/server/webapps"
    privileged="true">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
      allow="127\.0\.0\.1"
    />
</Context>

This will allow only local host addresses to access the manager app.

Disallow access to tomcat's index.jsp to internet users

1 Answers1