In addition to the password restrictions the manager web application could be restricted by the remote IP address or host by adding a RemoteAddrValve or RemoteHostValve. Here is an example of restricting access to the localhost by IP address: <Context path="/manager" debug="0" privileged="true" docBase="/usr/local/kinetic/tomcat5/server/webapps/manager"> <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1"/> </Context>