Tomcat
manager
host-manager
catalina.valves.RemoteAddValve

How to access Tomcat manager from outside

Symptom

After updating Tomcat 8.5.27, Tomcat mamager, host-manager app cannot be accessed except localhost, 127.0.0.1

How to fix

comment out org.apache.catalina.valves.RemoteAddValve

  • before
${catalina.base}/conf/Catalina/localhost/manager.xml
<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
${catalina.base}/conf/Catalina/localhost/host-manager.xml
<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
  • after
${catalina.base}/conf/Catalina/localhost/manager.xml
<Context antiResourceLocking="false" privileged="true" >
  <!--
    Remove the comment markers from around the Valve below to limit access to
    the manager application to clients connecting from localhost
  -->
  <!--
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
  -->
${catalina.base}/conf/Catalina/localhost/host-manager.xml
<Context antiResourceLocking="false" privileged="true" >
  <!--
    Remove the comment markers from around the Valve below to limit access to
    the host-manager application to clients connecting from localhost
  -->
  <!--
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
  -->

References

59672: Update the security considerations page of the documentation web application to take account of the fact that the Manager and HostManager applications now have a RemoteAddrValve configured by default.

cf. https://stackoverflow.com/questions/36703856/access-tomcat-manager-app-from-different-host