Version: Tomcat 8.5.8
Issue: Newly installed Tomcat, server Status, manager App, Host manager three pages with other machines accessing Tomcat are displayed 403 (no problem with native access), conf/ Configuration has been added in Tomcat-users.xml:
<role rolename= "Manager-gui"/>
<role rolename= "Admin-gui"/>
<user username= "Tomcat" password= "qazwsx" roles= "Manager-gui,admin-gui"/>
After rebooting, it is still 403, even when trying to use a variety of solutions, there are 404 (cause unknown)
Find online Solutions No fruit, most of the online articles are only mentioned in the Tomcat-users.xml add the above statement, can not solve, through the official documents, English really rotten (with translation software, see smattering), and finally find the real reason.
Open WebApps under the Host-manager and manager, there is a common folder Meta-inf, there are context.xml, the content of this file is:
<context antiresourcelocking= "false" privileged= "true" >
<valve classname= "Org.apache.catalina.valves.RemoteAddrValve"
allow= "127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"/>
</Context>
By looking at the official documentation, it is known that this code is restricted to visiting IP, 127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1, is a regular expression that represents the native loopback address of IPv4 and IPv6, so this also explains Why do we have access to the admin interface, but the other machines are actually 403.
Find out why, then modify the regular expression here, for example, we only allow intranet segment 192.168.88 Access Management page, then change to this can be:
<context antiresourcelocking= "false" privileged= "true" >
<valve classname= "Org.apache.catalina.valves.RemoteAddrValve"
allow= "192.168.88.*"/>
</Context>
Modify complete, close the browser, reopen Tomcat, problem solving!
Attached: context.xml In addition to restricting IP and host, there are more functions, you can refer to the Official document: Http://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Remote _address_filter
This article is from the "Progress a little every day" blog, be sure to keep this source http://yujia2016.blog.51cto.com/59379/1878743
The real reasons and solutions for Tomcat Manager Page 403