stackoom
  简体   繁体   中英

How to disable Tomcat remote deployment?

 原文  2012-03-13 08:56:42       java/ tomcat

Question

For security reasons, I would like to disable the remote deployment of web applications via Tomcat's manager page, which allows one to upload and deploy a war file. Is this possible?

Are there any other recommendations for hardening Tomcat against possible attacks?

Thanks in advance.

2 answers

solution1
 1 ACCPTED  2012-03-13 09:17:40

从tomcat / webapps文件夹中删除管理器(以及其他预安装的文件夹)。

solution2
 0  2012-03-13 09:18:15

web application could be restricted by the remote IP address or host by adding a RemoteAddrValve or RemoteHostValve in context.xml 

<Context privileged="true">
         <Valve className="org.apache.catalina.valves.RemoteAddrValve"
                allow="127\.0\.0\.1"/>
</Context>

http://blog.techstacks.com/2009/05/tomcat-management-setting-up-tomcat.html

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Remote Tomcat .war deployment base URL change Automatic Deployment of Java application on Remote Tomcat ANT to Remote Tomcat Deployment gets 500 How to disable https for tomcat how to disable tomcat caching? How to disable Tomcat JARScanner Deployment in tomcat Deployment on Tomcat 8 War deployment on remote Ubuntu tomcat 8.5 not working - but working on local tomcat 8.5 How to change tomcat default deployment directory in Eclipse?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM