For security reasons, I would like to disable the remote deployment of web applications via Tomcat's manager page, which allows one to upload and deploy a war file. Is this possible?
Are there any other recommendations for hardening Tomcat against possible attacks?
Thanks in advance.
从tomcat / webapps文件夹中删除管理器(以及其他预安装的文件夹)。
web application could be restricted by the remote IP address or host by adding a RemoteAddrValve or RemoteHostValve in context.xml
<Context privileged="true">
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.0\.0\.1"/>
</Context>
http://blog.techstacks.com/2009/05/tomcat-management-setting-up-tomcat.html
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.