http 返回的狀態值以及Tomcat webapp的管理

401 Unauthorized

當前請求須要用戶驗證。該響應必須包含一個適用於被請求資源的 WWW-Authenticate 信息頭用以詢問用戶信息。客戶端能夠重複提交一個包含恰當的 Authorization 頭信息的請求。若是當前請求已經包含了 Authorization 證書，那麼401響應表明着服務器驗證已經拒絕了那些證書。若是401響應包含了與前一個響應相同的身份驗證詢問，且瀏覽器已經至少嘗試了一次驗證，那麼瀏覽器應當向用戶展現響應中包含的實體信息，由於這個實體信息中可能包含了相關診斷信息。參見RFC 2617。

222.186.130.186 - - [20/Apr/2015:00:33:01 +0800] "GET / HTTP/1.1" 200 2218
121.40.83.80 - - [20/Apr/2015:02:01:24 +0800] "GET / HTTP/1.1" 200 2218
222.186.58.112 - - [20/Apr/2015:02:06:21 +0800] "GET / HTTP/1.1" 200 2218
104.149.88.203 - - [20/Apr/2015:03:09:52 +0800] "GET /?rands=_17940134730019464756219552 HTTP/1.1" 200 2218
104.149.88.203 - - [20/Apr/2015:03:09:52 +0800] "GET /?rands=_60203975847279471095360 HTTP/1.1" 200 2218
104.149.88.203 - - [20/Apr/2015:03:09:53 +0800] "GET /?rands=_1641021945027355413326856 HTTP/1.1" 200 2218
104.149.88.203 - - [20/Apr/2015:03:09:53 +0800] "GET /?rands=_50887264082341248916128 HTTP/1.1" 200 2218
61.160.247.181 - - [20/Apr/2015:03:15:50 +0800] "GET / HTTP/1.1" 200 2218
222.186.58.112 - - [20/Apr/2015:03:38:18 +0800] "GET / HTTP/1.1" 200 2218
120.132.77.4 - - [20/Apr/2015:05:24:11 +0800] "GET / HTTP/1.1" 200 2218
120.132.77.4 - - [20/Apr/2015:05:24:11 +0800] "GET / HTTP/1.1" 200 2218
222.186.130.186 - - [20/Apr/2015:05:29:46 +0800] "GET / HTTP/1.1" 200 2218
1.161.59.24 - - [20/Apr/2015:06:33:42 +0800] "CONNECT vip163mx01.mxmail.netease.com:25 HTTP/1.0" 400 -
222.186.58.97 - - [20/Apr/2015:06:40:34 +0800] "GET / HTTP/1.1" 200 2218
119.167.227.55 - - [20/Apr/2015:07:09:03 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:04 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:04 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:05 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:05 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:06 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:07 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:07 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:08 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:09 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:10 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:11 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:12 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:12 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:13 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:14 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:15 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:15 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:16 +0800] "GET /manager/html HTTP/1.1" 401 2538
120.132.77.250 - - [20/Apr/2015:08:49:29 +0800] "GET / HTTP/1.1" 200 2218
120.132.77.250 - - [20/Apr/2015:08:49:29 +0800] "GET / HTTP/1.1" 200 2218
104.149.88.203 - - [20/Apr/2015:11:31:57 +0800] "GET /?rands=_32450658764253381376600 HTTP/1.1" 200 2218
104.149.88.203 - - [20/Apr/2015:11:31:57 +0800] "GET /?rands=_1208825695617392021475544 HTTP/1.1" 200 2218
104.149.88.203 - - [20/Apr/2015:11:31:57 +0800] "GET /?rands=_1672858417822134422152172 HTTP/1.1" 200 2218
104.149.88.203 - - [20/Apr/2015:11:31:58 +0800] "GET /?rands=_50887264082424864967024 HTTP/1.1" 200 2218
222.186.58.97 - - [20/Apr/2015:12:48:26 +0800] "GET / HTTP/1.1" 200 2218

Ok，經過分析日誌，我能夠判定必定有人想搞點什麼，那麼我應該怎樣規避這一點呢？那麼我如今要作的就是註釋掉全部的tomcat-user帳戶。

二、經過Tomcat管理web app

原來能夠經過web 地址來管理web app 而沒必要去從新啓動服務哈.下面來閱讀一下文檔吧。

http:///docs/manager-howto.html

in many production environments, it is very useful to have the capability to deploy a new web application, or undeploy an existing one, without having to shut down and restart the entire container.

在生產環境中，可以不從新啓動整個容器的狀況下，部署一個web服務。 

In addition, you can request an existing application to reload itself, even if you have not declared it to be reloadable in the Tomcat server configuration file.

可讓一個存在的web應用從新加載本身。

To support these capabilities, Tomcat includes a web application (installed by default on context path/manager) that supports the following functions:

Tomcat默認支持經過 Path/manager的方式來完成以下管理功能。

• Deploy a new web application from the uploaded contents of a WAR file.

• Deploy a new web application, on a specified context path, from the server file system.

• List the currently deployed web applications, as well as the sessions that are currently active for those web apps.

• Reload an existing web application, to reflect changes in the contents of /WEB-INF/classes or /WEB-INF/lib.重新轉載已經存在的應用，包括classes和lib文件

• List the OS and JVM property values.

• List the available global JNDI resources, for use in deployment tools that are preparing <ResourceLink>elements nested in a <Context> deployment description.

• Start a stopped application (thus making it available again).

• Stop an existing application (so that it becomes unavailable), but do not undeploy it.

• Undeploy a deployed web application and delete its document base directory (unless it was deployed from file system).

A default Tomcat installation includes the Manager. To add an instance of the Manager web application Context to a new host install the manager.xml context configuration file in the$CATALINA_BASE/conf/[enginename]/[hostname] folder. Here is an example:

<Context privileged="true" antiResourceLocking="false"
         docBase="${catalina.home}/webapps/manager">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.0\.0\.1" />
</Context>

If you have Tomcat configured to support multiple virtual hosts (websites) you would need to configure a Manager for each.

There are three ways to use the Manager web application.

• As an application with a user interface you use in your browser. Here is an example URL where you can replace localhost with your website host name: http://localhost/manager/html/ .

• A minimal version using HTTP requests only which is suitable for use by scripts setup by system administrators. Commands are given as part of the request URI, and responses are in the form of simple text that can be easily parsed and processed. See Supported Manager Commands for more information.

• A convenient set of task definitions for the Ant (version 1.4 or later) build tool. See Executing Manager Commands With Ant for more information.

三、Tomcat的異常訪問日誌 

1.171.71.43 - - [21/Apr/2015:00:29:27 +0800] "CONNECT vip163mx01.mxmail.netease.com:25 HTTP/1.0" 400

爲啥這個訪問日誌常常有呢？這個到底幹啥用的呢？