I have a problem with a Tomcat 9 under Ubuntu 16. The manager was released to the outside world and account data was stored, so that you could access the interface via /manager/html/list and, for example, deploy via Maven to the Tomcat via API.

Suddenly there was a brute force attack on the manager (every second found in the Apache log). So I quickly renamed the folder "manager" to "manager_" in the /webapp folder of the Tomcat. After a while I renamed it back, but now only a 403 error appears when it is called - not authorized.

Of course I restarted the Tomcat with /etc/init.d/tomcat9 restart. Even the entire server in question.

Nothing helps. Who has an idea why this could be?

Jeremy Davis

Firstly when you say "Tomcat 9 under Ubuntu 16" I assume you mean the TurnKey Linux v16.x Tomcat standalone appliance?

Assuming so, my guess is that it's a permissions issue. It sounds like you moved the directory as the root (or admin) user. So when you moved it back, it's probably now owned by root, so the 'tomcat' user can't access it. So you'll need to change the ownership of that directory back to 'tomcat'.

If you're a Webmin user, then unfortunately, I'm not very familiar with that, so hopefully you can work out how to change ownership or permissions (the whole folder and all the files need to be owned by 'tomcat'). Or you can do it from the command line:

chown -R tomcat:tomcat /PATH/TO/webapp/manager

(Where '/PATH/TO/webapp/manager' is the actual real path to the 'manager' folder).

I hope that helps. If you continue to have issues, please post back and I'll fire a Tomcat server up and have a look.
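
An added example, not part of the reply above: a small shell check that lists every path under the manager folder whose owner or group is not the expected one, so the ownership theory can be confirmed before running chown and verified afterwards. The 'tomcat' user and group are taken from the reply; the function names and the script name are made up for illustration, and the path stays a placeholder.

```shell
#!/bin/sh
# Added example: audit ownership of a Tomcat webapp directory.
# 'tomcat' as owner/group comes from the reply above; the path is a placeholder.

# list_foreign OWNER GROUP DIR
# Print every path under DIR (DIR itself included) whose owner or group
# differs from the expected one. OWNER and GROUP may be names or numeric IDs.
list_foreign() {
    find "$3" \( ! -user "$1" -o ! -group "$2" \) -print
}

# count_foreign OWNER GROUP DIR
# Echo the number of mismatching paths; return 2 if DIR is not a directory.
count_foreign() {
    [ -d "$3" ] || { echo "not a directory: $3" >&2; return 2; }
    list_foreign "$1" "$2" "$3" | wc -l | tr -d ' '
}

# ownership_report OWNER GROUP DIR
# Show each mismatching path with its current owner and mode.
# Returns 0 when everything matches, 1 when something still needs chown.
ownership_report() {
    n=$(count_foreign "$1" "$2" "$3") || return 2
    if [ "$n" -eq 0 ]; then
        echo "OK: everything under $3 is owned by $1:$2"
        return 0
    fi
    echo "$n path(s) under $3 not owned by $1:$2:"
    list_foreign "$1" "$2" "$3" | while IFS= read -r p; do ls -ld "$p"; done
    return 1
}

# Usage (hypothetical script name):
#   sh check_owner.sh tomcat tomcat /PATH/TO/webapp/manager
if [ "$#" -eq 3 ]; then
    ownership_report "$1" "$2" "$3"
fi
```

A non-zero count before the chown and zero after it shows that the ownership change reached every file in the folder.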
