方法1:删除应用文件(最彻底)
-
定位Tomcat的webapps目录
|
1 |
<span class="token builtin class-name">cd</span> <span class="token variable">$CATALINA_HOME</span>/webapps |
-
删除相关目录和war文件
|
1 2 3 4 5 6 7 |
<span class="token comment"># 删除manager应用</span> <span class="token function">rm</span> <span class="token parameter variable">-rf</span> manager <span class="token function">rm</span> <span class="token parameter variable">-f</span> manager.war <span class="token comment"># 删除host-manager应用</span> <span class="token function">rm</span> <span class="token parameter variable">-rf</span> host-manager <span class="token function">rm</span> <span class="token parameter variable">-f</span> host-manager.war |
方法2:重命名应用文件(可恢复)
|
1 2 3 4 5 6 7 |
<span class="token builtin class-name">cd</span> <span class="token variable">$CATALINA_HOME</span>/webapps <span class="token comment"># 重命名war文件和目录</span> <span class="token function">mv</span> manager.war manager.war.disabled <span class="token function">mv</span> host-manager.war host-manager.war.disabled <span class="token function">mv</span> manager manager.disabled <span class="token operator"><span class="token file-descriptor important">2</span>></span>/dev/null <span class="token operator">||</span> <span class="token boolean">true</span> <span class="token function">mv</span> host-manager host-manager.disabled <span class="token operator"><span class="token file-descriptor important">2</span>></span>/dev/null <span class="token operator">||</span> <span class="token boolean">true</span> |
方法3:修改配置文件禁用访问
-
编辑tomcat-users.xml
|
1 2 3 4 5 6 7 8 9 |
<span class="token comment"><!-- 注释掉或删除manager相关的用户角色 --></span> <span class="token comment"><!-- <role rolename="manager-gui"/> <role rolename="manager-script"/> <role rolename="manager-jmx"/> <role rolename="manager-status"/> <role rolename="admin-gui"/> <role rolename="admin-script"/> --></span> |
-
修改context.xml文件
|
1 2 3 4 5 6 |
<span class="token comment"><!-- 编辑webapps/manager/META-INF/context.xml --></span> <span class="token comment"><!-- 增加IP限制,只允许本地访问 --></span> <span class="token tag"><span class="token punctuation"><</span>Context <span class="token attr-name">antiResourceLocking</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>false<span class="token punctuation">"</span></span> <span class="token attr-name">privileged</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>true<span class="token punctuation">"</span></span><span class="token punctuation">></span></span> <span class="token tag"><span class="token punctuation"><</span>Valve <span class="token attr-name">className</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>org.apache.catalina.valves.RemoteAddrValve<span class="token punctuation">"</span></span> <span class="token attr-name">allow</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>127\.0\.0\.1|::1<span class="token punctuation">"</span></span> <span class="token punctuation">/></span></span> <span class="token tag"><span class="token punctuation"></</span>Context<span class="token punctuation">></span></span> |
方法4:使用系统属性禁用
在启动Tomcat时添加系统属性:
|
1 2 |
<span class="token comment"># 在catalina.sh或setenv.sh中设置</span> <span class="token builtin class-name">export</span> <span class="token assign-left variable">JAVA_OPTS</span><span class="token operator">=</span><span class="token string">"<span class="token variable">$JAVA_OPTS</span> -Dorg.apache.catalina.manager.DISABLED=true"</span> |
方法5:修改server.xml配置
在server.xml的Host配置中排除这些应用:
|
1 2 3 |
<span class="token tag"><span class="token punctuation"><</span>Host <span class="token attr-name">name</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>localhost<span class="token punctuation">"</span></span> <span class="token attr-name">appBase</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>webapps<span class="token punctuation">"</span></span> <span class="token attr-name">unpackWARs</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>true<span class="token punctuation">"</span></span> <span class="token attr-name">autoDeploy</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>false<span class="token punctuation">"</span></span><span class="token punctuation">></span></span> <span class="token comment"><!-- 其他配置 --></span> <span class="token tag"><span class="token punctuation"></</span>Host<span class="token punctuation">></span></span> |
验证禁用效果
重启Tomcat后验证:
|
1 2 3 4 5 |
<span class="token comment"># 检查应用是否已卸载</span> <span class="token function">curl</span> <span class="token parameter variable">-I</span> http://localhost:8080/manager <span class="token function">curl</span> <span class="token parameter variable">-I</span> http://localhost:8080/host-manager <span class="token comment"># 应该返回404状态码</span> |
