I have a JEE service on a Tomcat 9 container (Debian 10.8). In front of it an Apache Web Server + mod_proxy_ajp.
In my VH I do not have any ProxyPass rule for /manager/html context but if on a Web client I rewrite my URL adding /..;/manager/html (e.g.: https://www.example.org/site/..;/manager/html) the Tomcat Manager asks for crediatials.
Is there a trick to avoid it? Maybe using modsecurity? Thanks.
I solved the problem using a mod_security rules:
It works.