Resolve "403 Access Denied" when attempting to access Tomcat

Home > Search
  by

This error appears when attempting to access Server Status or Manager App or Host Manager in Tomcat.

 

The error starts by stating that "the Manager is only accessible from a browser running on the same machine as Tomcat" and recommends to "edit the Manager's context.xml file" to resolve this. If using a version 8.5.3 or below of Tomcat, the context.xml file is located at $TOMCAT_HOME/conf/Catalina/localhost/. If using version 8.5.4 or above of Tomcat, the context.xml file is located at $CATALINA_HOME/webapps/manager/META-INF/context.xml.

By default,the $CATALINA_HOME/webapps/manager/META-INF/context.xml file will have the following markup.

<?xml version="1.0" encoding="UTF-8"?>
<Context antiResourceLocking="false" privileged="true">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
      allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
  <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionsFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HasMap"/>
</context>

 

The Valve section only allow access from 127.x.x.x or ::1. Comment out the Valve section.

<?xml version="1.0" encoding="UTF-8"?>
<Context antiResourceLocking="false" privileged="true">
  <!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve"
      allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> -->
  <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionsFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HasMap"/>
</context>

 

Shutdown the Tomcat server.

[john.doe@server1 ~]$ $CATALINA_HOME/bin/shutdown.sh

 

Startup the Tomcat server.

[john.doe@server1 ~]$ $CATALINA_HOME/bin/startup.sh

 

You should now be able to access Server Status or Manager App or Host Manager in Tomcat.



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter in the box below so that we can be sure you are a human.




Comments