...
The admin and manager application do not provide a default login. Doing so is a security flaw. You need to edit $CATALINA_HOME/conf/tomcat-users.xml if you are using the default install. Configuring Manager Application Access
How do I restrict access by ip address or remote host?By using the RemoteHostValve
or RemoteAddrValve
. Warning, these valves rely on accurate incoming ip addresses or hostnames. So they can fall victim to spoofing! See also RemoteIpValve
. Valve Reference Link
How do I use jsvc/procrun to run Tomcat on port 80 securely?...
How do I change the Server header in the response?In server.xml
- add a "server" attribute to the Connector element. http://tomcat.apache.org/tomcat-6.0-doc/config/http.html