Rename the manager application – localhost/manager.xml
Details: The manager application allows administrators to manage Tomcat remotely via a web interface. The manager application should be renamed...

Rename the manager application – webapps/manager
Details: The manager application allows administrators to manage Tomcat remotely via a web interface. The manager application should be renamed...

Restrict access to the web administration application
Details: Limit access to the web administration application to only those with a justified need. Rationale: Limiting access to the...

Restrict manager application
Details: Limit access to the manager application to only those with a justified need. Rationale: Limiting access to the least...

Setup Client-cert Authentication
Details: Client-cert authentication requires each client connecting to the server to have a certificate to authenticate. This is generally regarded...

Use LockOut Realms
Details: A LockOut realm wraps around standard realms adding the ability to lock a user out after multiple failed logins....

Use secure Realms
Details: A realm is a database of usernames and passwords used to identify valid users of web applications. Review the...