http 返回的状态值以及Tomcat webapp的管理

401 Unauthorized

当前请求须要用户验证。该响应必须包含一个适用于被请求资源的 WWW-Authenticate 信息头用以询问用户信息。客户端能够重复提交一个包含恰当的 Authorization 头信息的请求。若是当前请求已经包含了 Authorization 证书，那么401响应表明着服务器验证已经拒绝了那些证书。若是401响应包含了与前一个响应相同的身份验证询问，且浏览器已经至少尝试了一次验证，那么浏览器应当向用户展现响应中包含的实体信息，由于这个实体信息中可能包含了相关诊断信息。参见RFC 2617。

222.186.130.186 - - [20/Apr/2015:00:33:01 +0800] "GET / HTTP/1.1" 200 2218
121.40.83.80 - - [20/Apr/2015:02:01:24 +0800] "GET / HTTP/1.1" 200 2218
222.186.58.112 - - [20/Apr/2015:02:06:21 +0800] "GET / HTTP/1.1" 200 2218
104.149.88.203 - - [20/Apr/2015:03:09:52 +0800] "GET /?rands=_17940134730019464756219552 HTTP/1.1" 200 2218
104.149.88.203 - - [20/Apr/2015:03:09:52 +0800] "GET /?rands=_60203975847279471095360 HTTP/1.1" 200 2218
104.149.88.203 - - [20/Apr/2015:03:09:53 +0800] "GET /?rands=_1641021945027355413326856 HTTP/1.1" 200 2218
104.149.88.203 - - [20/Apr/2015:03:09:53 +0800] "GET /?rands=_50887264082341248916128 HTTP/1.1" 200 2218
61.160.247.181 - - [20/Apr/2015:03:15:50 +0800] "GET / HTTP/1.1" 200 2218
222.186.58.112 - - [20/Apr/2015:03:38:18 +0800] "GET / HTTP/1.1" 200 2218
120.132.77.4 - - [20/Apr/2015:05:24:11 +0800] "GET / HTTP/1.1" 200 2218
120.132.77.4 - - [20/Apr/2015:05:24:11 +0800] "GET / HTTP/1.1" 200 2218
222.186.130.186 - - [20/Apr/2015:05:29:46 +0800] "GET / HTTP/1.1" 200 2218
1.161.59.24 - - [20/Apr/2015:06:33:42 +0800] "CONNECT vip163mx01.mxmail.netease.com:25 HTTP/1.0" 400 -
222.186.58.97 - - [20/Apr/2015:06:40:34 +0800] "GET / HTTP/1.1" 200 2218
119.167.227.55 - - [20/Apr/2015:07:09:03 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:04 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:04 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:05 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:05 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:06 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:07 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:07 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:08 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:09 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:10 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:11 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:12 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:12 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:13 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:14 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:15 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:15 +0800] "GET /manager/html HTTP/1.1" 401 2538
119.167.227.55 - - [20/Apr/2015:07:09:16 +0800] "GET /manager/html HTTP/1.1" 401 2538
120.132.77.250 - - [20/Apr/2015:08:49:29 +0800] "GET / HTTP/1.1" 200 2218
120.132.77.250 - - [20/Apr/2015:08:49:29 +0800] "GET / HTTP/1.1" 200 2218
104.149.88.203 - - [20/Apr/2015:11:31:57 +0800] "GET /?rands=_32450658764253381376600 HTTP/1.1" 200 2218
104.149.88.203 - - [20/Apr/2015:11:31:57 +0800] "GET /?rands=_1208825695617392021475544 HTTP/1.1" 200 2218
104.149.88.203 - - [20/Apr/2015:11:31:57 +0800] "GET /?rands=_1672858417822134422152172 HTTP/1.1" 200 2218
104.149.88.203 - - [20/Apr/2015:11:31:58 +0800] "GET /?rands=_50887264082424864967024 HTTP/1.1" 200 2218
222.186.58.97 - - [20/Apr/2015:12:48:26 +0800] "GET / HTTP/1.1" 200 2218

Ok，经过分析日志，我能够判定必定有人想搞点什么，那么我应该怎样规避这一点呢？那么我如今要作的就是注释掉全部的tomcat-user帐户。

二、经过Tomcat管理web app

原来能够经过web 地址来管理web app 而没必要去从新启动服务哈.下面来阅读一下文档吧。

http:///docs/manager-howto.html

in many production environments, it is very useful to have the capability to deploy a new web application, or undeploy an existing one, without having to shut down and restart the entire container.

在生产环境中，可以不从新启动整个容器的状况下，部署一个web服务。 

In addition, you can request an existing application to reload itself, even if you have not declared it to be reloadable in the Tomcat server configuration file.

可让一个存在的web应用从新加载本身。

To support these capabilities, Tomcat includes a web application (installed by default on context path/manager) that supports the following functions:

Tomcat默认支持经过 Path/manager的方式来完成以下管理功能。

• Deploy a new web application from the uploaded contents of a WAR file.

• Deploy a new web application, on a specified context path, from the server file system.

• List the currently deployed web applications, as well as the sessions that are currently active for those web apps.

• Reload an existing web application, to reflect changes in the contents of /WEB-INF/classes or /WEB-INF/lib.重新转载已经存在的应用，包括classes和lib文件

• List the OS and JVM property values.

• List the available global JNDI resources, for use in deployment tools that are preparing <ResourceLink>elements nested in a <Context> deployment description.

• Start a stopped application (thus making it available again).

• Stop an existing application (so that it becomes unavailable), but do not undeploy it.

• Undeploy a deployed web application and delete its document base directory (unless it was deployed from file system).

A default Tomcat installation includes the Manager. To add an instance of the Manager web application Context to a new host install the manager.xml context configuration file in the$CATALINA_BASE/conf/[enginename]/[hostname] folder. Here is an example:

<Context privileged="true" antiResourceLocking="false"
         docBase="${catalina.home}/webapps/manager">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.0\.0\.1" />
</Context>

If you have Tomcat configured to support multiple virtual hosts (websites) you would need to configure a Manager for each.

There are three ways to use the Manager web application.

• As an application with a user interface you use in your browser. Here is an example URL where you can replace localhost with your website host name: http://localhost/manager/html/ .

• A minimal version using HTTP requests only which is suitable for use by scripts setup by system administrators. Commands are given as part of the request URI, and responses are in the form of simple text that can be easily parsed and processed. See Supported Manager Commands for more information.

• A convenient set of task definitions for the Ant (version 1.4 or later) build tool. See Executing Manager Commands With Ant for more information.

三、Tomcat的异常访问日志 

1.171.71.43 - - [21/Apr/2015:00:29:27 +0800] "CONNECT vip163mx01.mxmail.netease.com:25 HTTP/1.0" 400

为啥这个访问日志常常有呢？这个到底干啥用的呢？