Improving security for the Tomcat manager app

If one must run the Tomcat manager, access to it should be restricted to the local network or, better, to localhost.

Add a RemoteAddrValve to the Context element of the relevant context configuration files. For example, to restrict connections to localhost, edit $TOMCAT_HOME/conf/Catalina/localhost/admin.xml and $TOMCAT_HOME/conf/Catalina/localhost/manager.xml:

Change:
    <Context antiResourceLocking="false" privileged="true" />
To:
    <Context antiResourceLocking="false" privileged="true">
        <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1"/>
    </Context>

The allow attribute is a comma-separated list of regular expressions matching remote client IPs or hostnames, e.g.:

    allow="128\.117\.140\.62"
    allow="128\.117\.140\.62,128\.117\.140\.63,128\.117\.140\.99"
    allow="128\.117\.140\..*"
    allow=".*\.example\.com"
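
One way to check an allow list before deploying it, as an added example that is not part of the original note: the Python script below parses a Context file, extracts the RemoteAddrValve allow patterns and reports which probe addresses would be admitted. It assumes each comma-separated pattern must match the whole address string; the function name `audit`, the sample Context strings other than the two shown above, and the probe addresses are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

VALVE = "org.apache.catalina.valves.RemoteAddrValve"

def audit(context_xml, probes):
    """Report which probe addresses a Context file's RemoteAddrValve admits.

    Assumption: every comma-separated allow pattern must match the whole
    address string. Only the allow attribute is modelled here.
    """
    root = ET.fromstring(context_xml.strip())
    valves = [v for v in root.iter("Valve") if v.get("className") == VALVE]
    if not valves:
        # No valve: nothing filters by address, so every client gets through.
        return {"valve": False, "admitted": list(probes)}
    # One list of compiled patterns per valve; a request must pass every valve.
    allow_lists = [
        [re.compile(p.strip()) for p in v.get("allow", "").split(",") if p.strip()]
        for v in valves
    ]
    admitted = [
        addr for addr in probes
        if all(any(p.fullmatch(addr) for p in pats) for pats in allow_lists)
    ]
    return {"valve": True, "admitted": admitted}

# The "before" and "after" Context elements from the note above.
BEFORE = r'<Context antiResourceLocking="false" privileged="true" />'
AFTER = r'''
<Context antiResourceLocking="false" privileged="true">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1"/>
</Context>'''
# Constructed variant: localhost plus one subnet pattern from the note.
SUBNET = r'''
<Context antiResourceLocking="false" privileged="true">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
           allow="127\.0\.0\.1,128\.117\.140\..*"/>
</Context>'''

# Constructed probe addresses. The second is the IPv6 loopback written out in
# full (assumption: this is how the container reports a connection to ::1).
PROBES = ["127.0.0.1", "0:0:0:0:0:0:0:1", "128.117.140.62", "128.117.141.5"]

if __name__ == "__main__":
    for name, xml in (("before", BEFORE), ("after", AFTER), ("subnet", SUBNET)):
        print(name, audit(xml, PROBES))
```

Note that the localhost-only pattern does not admit the IPv6 loopback string, so a local client connecting over IPv6 would need its own pattern in the list.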