subject:"Need Help plz"

AW: Need Help plz

2002-05-30 Thread Ralph Einfeldt


For the first question:
  - Which tomcat do you use ?
  - Do you run it stand alone or with apache or iis
- Which connector do you use

For the second question:
  I would't do that. It introduces more problems than
  it helps.
  Blocking an IP is a dangerous thing. There can be
  serveral thausend people that have the same IP.
  They would all be blocked. If you implement somthing 
  like this it's very easy to disable your site for a wide 
  range of users. (If some hackers find out that 'feature'
  they will play around with that. It's possible to send
  out packets with faked IP adresses. So if a hacker
  wants to attack your site, he can issue requests
  with IP's from proxies with a high user number)

  Blocking an IP is not very effective, as any hacker
  who has a provider with dynamic IP's can change his IP
  with every try. (If you block that IP, the next user
  that gets this IP will be blocked).  

  The only scenario where this would make sense is an
  extranet where you know that the each user will have
  a unique IP. (But in this case I would rather restrict
  the IP's for the incoming requests)

> -Ursprüngliche Nachricht-
> Von: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]]
> Gesendet: Freitag, 31. Mai 2002 00:24
> An: [EMAIL PROTECTED]
> Betreff: Need Help plz
> 
> 
> 
> Hi ,
> 
>   i need  help please in two subjects .. My problems are what
> configuration I should have to do in the server to prevent:
> 
>  1)   Prohibit downloading the *.jsp files from any client on the
> internet... [ I noticed that if  I wrote the URL of my site 
> ending with
> myFile.JSP  [ JSP in Capital letters] the page not opened ! , but  the
> server offered me to download the file it self ! ..Which I 
> don’t want
> any user knows this property to download my own source-code jsp files!
> 
>  2)   My application  is  depend on a password 
> authentication  , which
> I don’t want  any cracker to keep trying 
> usernames/passwords for 
> many tries ..  How should I tell the server to block an ip 
> after 3 times
> tries [for example] and for how long this ip will be blocked!
> 
>   are thses problems related with the Apache server or Tomcat 
> serve or both
> of them !!.. does anyone face like these problems ?! 
> 
>   
>  Java_lover : Walid 
> 
> --
> To unsubscribe, e-mail:   
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: 
> <mailto:[EMAIL PROTECTED]>
> 
> 
> 

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Need Help plz

2002-05-30 Thread Mike Jackson


mod_jk, mod_jserv or mod_webapp, they are the "glue" that allows tomcat to
respond for the jsp and servlets and allows apache to serve all the static
content (pictures, html files, etc).  If you're running "apache and tomcat"
then you've got to be using one of them unless you are putting a different
port in all the href's and form action's that point to tomcat.  If you don't
know what you're running, then you can go to netcraft (www.netcraft.com) and
find out what it thinks you're running on your web server.  Generally if
you're running a java environment under apache it'll tell you what connector
you're using.  At least it does in my experience.

If you're using mod_jserv or mod_webapp you're going to have to look to
someone else for assistance, I haven't played with jserv in ages (and don't
want to again) and haven't looked at webapp yet, as I'm only using tomcat
3.x.

--mikej
-=-
mike jackson
[EMAIL PROTECTED]

> -Original Message-
> From: Walid Mohammed [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 30, 2002 5:06 PM
> To: Tomcat Users List
> Subject: Re: Need Help plz
>
>
>
>
>   i couldn't find that mod_jk file !..and what do you mean by connector !?
>
>
>
> Mike Jackson writes:
>
> > No in the mod_jk config file, but that'll vary depending on
> what connector
> > you're using.
> >
> > --mikej
> > -=-
> > mike jackson
> > [EMAIL PROTECTED]
> >
> > > -Original Message-
> > > From: Walid Mohammed [mailto:[EMAIL PROTECTED]]
> > > Sent: Thursday, May 30, 2002 4:47 PM
> > > To: Tomcat Users List
> > > Subject: Re: Need Help plz
> > >
> > >
> > >
> > >
> > >
> > >  so how should i told Appache to do that ?!.. you mean changing
> > > configurations or sending mails to Appache group ?!
> > >
> > > Mike Jackson writes:
> > >
> > > > Oops, perhaps I should have read that a bit more clearly, I
> think you'll
> > > > definately need to tell apache to forward the requests for the
> > > various cases
> > > > of jsp to tomcat.  IIS may do something like the apache module
> > > that apple
> > > > puts out or something, I have no idea.
> > > >
> > > > --mikej
> > > > -=-
> > > > mike jackson
> > > > [EMAIL PROTECTED]
> > > >
> > > > > -Original Message-
> > > > > From: Walid Mohammed [mailto:[EMAIL PROTECTED]]
> > > > > Sent: Thursday, May 30, 2002 4:34 PM
> > > > > To: Tomcat Users List
> > > > > Subject: Re: Need Help plz
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >  Well, Mike ..i use a jakarta-tomcat [combined with Apache
> > > > > webserver] ver 4
> > > > >  under win2000 :) .. and remote site work well when as i told
> > > > > addressing it
> > > > > by *.jsp [small letters] the problem came when i use *.JSP [
> > > capital ] the
> > > > > browser offered me to download the jsp file ..
> > > > >
> > > > >  i hope the web.xml cofiguration you told me about will solve
> > > the problem
> > > > >
> > > > >  [ this msg just for clearity between Nicholas's problem & mine ]
> > > > >
> > > > >
> > > > >
> > > > > Nicholas Orr writes:
> > > > >
> > > > > > I'm using windoz and IIS5.0 with TC 4.0.3 and when I put in
> > > file.jsP and
> > > > > > file.jsp exists I get a resource not found error then when I
> > > > > put in file.jsp
> > > > > > it loads file.jsp
> > > > > >
> > > > > > > >> -Original Message-
> > > > > > > >> From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]]
> > > > > > > >> Sent: Thursday, May 30, 2002 3:24 PM
> > > > > > > >> To: [EMAIL PROTECTED]
> > > > > > > >> Subject: Need Help plz
> > > > > > > >>
> > > > > > > >>
> > > > > > > >>
> > > > > > > >> Hi ,
> > > > > > > >>
> > > > > > > >>   i need  help please in

Re: Need Help plz

2002-05-30 Thread Walid Mohammed




  i couldn't find that mod_jk file !..and what do you mean by connector !?



Mike Jackson writes:

> No in the mod_jk config file, but that'll vary depending on what connector
> you're using.
> 
> --mikej
> -=-
> mike jackson
> [EMAIL PROTECTED]
> 
> > -Original Message-
> > From: Walid Mohammed [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, May 30, 2002 4:47 PM
> > To: Tomcat Users List
> > Subject: Re: Need Help plz
> >
> >
> >
> >
> >
> >  so how should i told Appache to do that ?!.. you mean changing
> > configurations or sending mails to Appache group ?!
> >
> > Mike Jackson writes:
> >
> > > Oops, perhaps I should have read that a bit more clearly, I think you'll
> > > definately need to tell apache to forward the requests for the
> > various cases
> > > of jsp to tomcat.  IIS may do something like the apache module
> > that apple
> > > puts out or something, I have no idea.
> > >
> > > --mikej
> > > -=-
> > > mike jackson
> > > [EMAIL PROTECTED]
> > >
> > > > -Original Message-
> > > > From: Walid Mohammed [mailto:[EMAIL PROTECTED]]
> > > > Sent: Thursday, May 30, 2002 4:34 PM
> > > > To: Tomcat Users List
> > > > Subject: Re: Need Help plz
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >  Well, Mike ..i use a jakarta-tomcat [combined with Apache
> > > > webserver] ver 4
> > > >  under win2000 :) .. and remote site work well when as i told
> > > > addressing it
> > > > by *.jsp [small letters] the problem came when i use *.JSP [
> > capital ] the
> > > > browser offered me to download the jsp file ..
> > > >
> > > >  i hope the web.xml cofiguration you told me about will solve
> > the problem
> > > >
> > > >  [ this msg just for clearity between Nicholas's problem & mine ]
> > > >
> > > >
> > > >
> > > > Nicholas Orr writes:
> > > >
> > > > > I'm using windoz and IIS5.0 with TC 4.0.3 and when I put in
> > file.jsP and
> > > > > file.jsp exists I get a resource not found error then when I
> > > > put in file.jsp
> > > > > it loads file.jsp
> > > > >
> > > > > > >> -Original Message-
> > > > > > >> From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]]
> > > > > > >> Sent: Thursday, May 30, 2002 3:24 PM
> > > > > > >> To: [EMAIL PROTECTED]
> > > > > > >> Subject: Need Help plz
> > > > > > >>
> > > > > > >>
> > > > > > >>
> > > > > > >> Hi ,
> > > > > > >>
> > > > > > >>   i need  help please in two subjects .. My
> > problems are what
> > > > > > >> configuration I should have to do in the server to prevent:
> > > > > > >>
> > > > > > >>  1)   Prohibit downloading the *.jsp files from any
> > > > client on the
> > > > > > >> internet... [ I noticed that if  I wrote the URL of my
> > site ending
> > > > > > >> with myFile.JSP  [ JSP in Capital letters] the page
> > not opened ! ,
> > > > > > >> but  the server offered me to download the file it self !
> > > > ..Which I
> > > > > > >> don’t want any user knows this property to
> > download my own
> > > > > > >> source-code jsp files!
> > > > > > >>
> > > > > > >>  2)   My application  is  depend on a password
> > > > > > authentication  , which
> > > > > > >> I don’t want  any cracker to keep trying
> > usernames/passwords
> > > > > > >> for many tries ..  How should I tell the server to block an ip
> > > > > > after 3 times
> > > > > > >> tries [for example] and for how long this ip will be blocked!
> > > > > > >>
> > > > > > >>   are thses problems related with the Apache server or
> > > > Tomcat serve
> > > > > > >> or both of them !!.. does anyone face like these problems ?!
> > > > > > >>
> > > > &

RE: Need Help plz

2002-05-30 Thread Mike Jackson


No in the mod_jk config file, but that'll vary depending on what connector
you're using.

--mikej
-=-
mike jackson
[EMAIL PROTECTED]

> -Original Message-
> From: Walid Mohammed [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 30, 2002 4:47 PM
> To: Tomcat Users List
> Subject: Re: Need Help plz
>
>
>
>
>
>  so how should i told Appache to do that ?!.. you mean changing
> configurations or sending mails to Appache group ?!
>
> Mike Jackson writes:
>
> > Oops, perhaps I should have read that a bit more clearly, I think you'll
> > definately need to tell apache to forward the requests for the
> various cases
> > of jsp to tomcat.  IIS may do something like the apache module
> that apple
> > puts out or something, I have no idea.
> >
> > --mikej
> > -=-
> > mike jackson
> > [EMAIL PROTECTED]
> >
> > > -Original Message-
> > > From: Walid Mohammed [mailto:[EMAIL PROTECTED]]
> > > Sent: Thursday, May 30, 2002 4:34 PM
> > > To: Tomcat Users List
> > > Subject: Re: Need Help plz
> > >
> > >
> > >
> > >
> > >
> > >  Well, Mike ..i use a jakarta-tomcat [combined with Apache
> > > webserver] ver 4
> > >  under win2000 :) .. and remote site work well when as i told
> > > addressing it
> > > by *.jsp [small letters] the problem came when i use *.JSP [
> capital ] the
> > > browser offered me to download the jsp file ..
> > >
> > >  i hope the web.xml cofiguration you told me about will solve
> the problem
> > >
> > >  [ this msg just for clearity between Nicholas's problem & mine ]
> > >
> > >
> > >
> > > Nicholas Orr writes:
> > >
> > > > I'm using windoz and IIS5.0 with TC 4.0.3 and when I put in
> file.jsP and
> > > > file.jsp exists I get a resource not found error then when I
> > > put in file.jsp
> > > > it loads file.jsp
> > > >
> > > > > >> -Original Message-
> > > > > >> From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]]
> > > > > >> Sent: Thursday, May 30, 2002 3:24 PM
> > > > > >> To: [EMAIL PROTECTED]
> > > > > >> Subject: Need Help plz
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >> Hi ,
> > > > > >>
> > > > > >>   i need  help please in two subjects .. My
> problems are what
> > > > > >> configuration I should have to do in the server to prevent:
> > > > > >>
> > > > > >>  1)   Prohibit downloading the *.jsp files from any
> > > client on the
> > > > > >> internet... [ I noticed that if  I wrote the URL of my
> site ending
> > > > > >> with myFile.JSP  [ JSP in Capital letters] the page
> not opened ! ,
> > > > > >> but  the server offered me to download the file it self !
> > > ..Which I
> > > > > >> don’t want any user knows this property to
> download my own
> > > > > >> source-code jsp files!
> > > > > >>
> > > > > >>  2)   My application  is  depend on a password
> > > > > authentication  , which
> > > > > >> I don’t want  any cracker to keep trying
> usernames/passwords
> > > > > >> for many tries ..  How should I tell the server to block an ip
> > > > > after 3 times
> > > > > >> tries [for example] and for how long this ip will be blocked!
> > > > > >>
> > > > > >>   are thses problems related with the Apache server or
> > > Tomcat serve
> > > > > >> or both of them !!.. does anyone face like these problems ?!
> > > > > >>
> > > > > >>
> > > > > >>  Java_lover : Walid
> > > > > >>
> > > > > >> --
> > > > > >> To unsubscribe, e-mail:
> > > > > >> <mailto:[EMAIL PROTECTED]>
> > > > > >> For additional commands, e-mail:
> > > > > >> <mailto:[EMAIL PROTECTED]>
> > > > > >>
> > > > > >
> > > > > >
> > > > > > --
> > > > > > To unsubscribe, e-mail:
> > > > <mailto:[EMAIL PROTECTED]>
>

Re: Need Help plz

2002-05-30 Thread Walid Mohammed




  
 so how should i told Appache to do that ?!.. you mean changing
configurations or sending mails to Appache group ?!

Mike Jackson writes:

> Oops, perhaps I should have read that a bit more clearly, I think you'll
> definately need to tell apache to forward the requests for the various cases
> of jsp to tomcat.  IIS may do something like the apache module that apple
> puts out or something, I have no idea.
> 
> --mikej
> -=-
> mike jackson
> [EMAIL PROTECTED]
> 
> > -Original Message-
> > From: Walid Mohammed [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, May 30, 2002 4:34 PM
> > To: Tomcat Users List
> > Subject: Re: Need Help plz
> >
> >
> >
> >
> >
> >  Well, Mike ..i use a jakarta-tomcat [combined with Apache
> > webserver] ver 4
> >  under win2000 :) .. and remote site work well when as i told
> > addressing it
> > by *.jsp [small letters] the problem came when i use *.JSP [ capital ] the
> > browser offered me to download the jsp file ..
> >
> >  i hope the web.xml cofiguration you told me about will solve the problem
> >
> >  [ this msg just for clearity between Nicholas's problem & mine ]
> >
> >
> >
> > Nicholas Orr writes:
> >
> > > I'm using windoz and IIS5.0 with TC 4.0.3 and when I put in file.jsP and
> > > file.jsp exists I get a resource not found error then when I
> > put in file.jsp
> > > it loads file.jsp
> > >
> > > > >> -Original Message-
> > > > >> From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]]
> > > > >> Sent: Thursday, May 30, 2002 3:24 PM
> > > > >> To: [EMAIL PROTECTED]
> > > > >> Subject: Need Help plz
> > > > >>
> > > > >>
> > > > >>
> > > > >> Hi ,
> > > > >>
> > > > >>   i need  help please in two subjects .. My problems are what
> > > > >> configuration I should have to do in the server to prevent:
> > > > >>
> > > > >>  1)   Prohibit downloading the *.jsp files from any
> > client on the
> > > > >> internet... [ I noticed that if  I wrote the URL of my site ending
> > > > >> with myFile.JSP  [ JSP in Capital letters] the page not opened ! ,
> > > > >> but  the server offered me to download the file it self !
> > ..Which I
> > > > >> don’t want any user knows this property to download my own
> > > > >> source-code jsp files!
> > > > >>
> > > > >>  2)   My application  is  depend on a password
> > > > authentication  , which
> > > > >> I don’t want  any cracker to keep trying usernames/passwords
> > > > >> for many tries ..  How should I tell the server to block an ip
> > > > after 3 times
> > > > >> tries [for example] and for how long this ip will be blocked!
> > > > >>
> > > > >>   are thses problems related with the Apache server or
> > Tomcat serve
> > > > >> or both of them !!.. does anyone face like these problems ?!
> > > > >>
> > > > >>
> > > > >>  Java_lover : Walid
> > > > >>
> > > > >> --
> > > > >> To unsubscribe, e-mail:
> > > > >> <mailto:[EMAIL PROTECTED]>
> > > > >> For additional commands, e-mail:
> > > > >> <mailto:[EMAIL PROTECTED]>
> > > > >>
> > > > >
> > > > >
> > > > > --
> > > > > To unsubscribe, e-mail:
> > > <mailto:[EMAIL PROTECTED]>
> > > > For additional commands, e-mail:
> > > <mailto:[EMAIL PROTECTED]>
> > > >
> > >
> > >
> > > --
> > > To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> >
> >
> > --
> > To unsubscribe, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> >
> >
> > **
> > The information contained in this e-mail is confidential and is
> > intended only for the use of the addressee(s).
> > If you receive this e-mail in error, any use, distribution or
> > copying of this e-mail is not permitted. You are requested to
> > forward unwanted e-mail and address any problems to the
> > MIM Holdings Limited Support Centre.
> >
> > For general enquires:   ++61 7 3833 8000
> > Support Centre e-mail:  [EMAIL PROTECTED]
> > Support Centre phone:   Australia 1800500646
> > International ++61 7 38338042
> > **
> >
> >
> > --
> > To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
> >
> 
> 
> Walid Al-Abbadi
> 
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
> 


Walid Al-Abbadi

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Need Help plz

2002-05-30 Thread Mike Jackson


Oops, perhaps I should have read that a bit more clearly, I think you'll
definately need to tell apache to forward the requests for the various cases
of jsp to tomcat.  IIS may do something like the apache module that apple
puts out or something, I have no idea.

--mikej
-=-
mike jackson
[EMAIL PROTECTED]

> -Original Message-
> From: Walid Mohammed [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 30, 2002 4:34 PM
> To: Tomcat Users List
> Subject: Re: Need Help plz
>
>
>
>
>
>  Well, Mike ..i use a jakarta-tomcat [combined with Apache
> webserver] ver 4
>  under win2000 :) .. and remote site work well when as i told
> addressing it
> by *.jsp [small letters] the problem came when i use *.JSP [ capital ] the
> browser offered me to download the jsp file ..
>
>  i hope the web.xml cofiguration you told me about will solve the problem
>
>  [ this msg just for clearity between Nicholas's problem & mine ]
>
>
>
> Nicholas Orr writes:
>
> > I'm using windoz and IIS5.0 with TC 4.0.3 and when I put in file.jsP and
> > file.jsp exists I get a resource not found error then when I
> put in file.jsp
> > it loads file.jsp
> >
> > > >> -Original Message-
> > > >> From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]]
> > > >> Sent: Thursday, May 30, 2002 3:24 PM
> > > >> To: [EMAIL PROTECTED]
> > > >> Subject: Need Help plz
> > > >>
> > > >>
> > > >>
> > > >> Hi ,
> > > >>
> > > >>   i need  help please in two subjects .. My problems are what
> > > >> configuration I should have to do in the server to prevent:
> > > >>
> > > >>  1)   Prohibit downloading the *.jsp files from any
> client on the
> > > >> internet... [ I noticed that if  I wrote the URL of my site ending
> > > >> with myFile.JSP  [ JSP in Capital letters] the page not opened ! ,
> > > >> but  the server offered me to download the file it self !
> ..Which I
> > > >> don’t want any user knows this property to download my own
> > > >> source-code jsp files!
> > > >>
> > > >>  2)   My application  is  depend on a password
> > > authentication  , which
> > > >> I don’t want  any cracker to keep trying usernames/passwords
> > > >> for many tries ..  How should I tell the server to block an ip
> > > after 3 times
> > > >> tries [for example] and for how long this ip will be blocked!
> > > >>
> > > >>   are thses problems related with the Apache server or
> Tomcat serve
> > > >> or both of them !!.. does anyone face like these problems ?!
> > > >>
> > > >>
> > > >>  Java_lover : Walid
> > > >>
> > > >> --
> > > >> To unsubscribe, e-mail:
> > > >> <mailto:[EMAIL PROTECTED]>
> > > >> For additional commands, e-mail:
> > > >> <mailto:[EMAIL PROTECTED]>
> > > >>
> > > >
> > > >
> > > > --
> > > > To unsubscribe, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> > > For additional commands, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> > >
> >
> >
> > --
> > To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>
>
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>
>
> **
> The information contained in this e-mail is confidential and is
> intended only for the use of the addressee(s).
> If you receive this e-mail in error, any use, distribution or
> copying of this e-mail is not permitted. You are requested to
> forward unwanted e-mail and address any problems to the
> MIM Holdings Limited Support Centre.
>
> For general enquires: ++61 7 3833 8000
> Support Centre e-mail:[EMAIL PROTECTED]
> Support Centre phone: Australia 1800500646
>   International ++61 7 38338042
> **
>
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
>


Walid Al-Abbadi

--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Need Help plz

2002-05-30 Thread Mike Jackson


You might have to do some configuration in the iis -> tomcat connector
stuff, I know in apache->tomcat
(which is what I use under various unix flavors) there's a need to put in
the mod_jk.conf file a directive that says to pass the request to tomcat for
this file pattern (looks like this "JkMount /*.jsp ajp13").  Then the
mapping will take effect in the web.xml.  Personally I'm playing around with
*.xsql files (oracle's xsql servlet), and I found that it didn't matter what
the mapping was in the web.xml under the WEB-INF unless I had that mapping
also in the mod_jk.conf file.

But your mileage may vary, some assembly required, batteries not included.
:)

--mikej
-=-
mike jackson
[EMAIL PROTECTED]

> -Original Message-
> From: Walid Mohammed [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 30, 2002 4:34 PM
> To: Tomcat Users List
> Subject: Re: Need Help plz
>
>
>
>
>
>  Well, Mike ..i use a jakarta-tomcat [combined with Apache
> webserver] ver 4
>  under win2000 :) .. and remote site work well when as i told
> addressing it
> by *.jsp [small letters] the problem came when i use *.JSP [ capital ] the
> browser offered me to download the jsp file ..
>
>  i hope the web.xml cofiguration you told me about will solve the problem
>
>  [ this msg just for clearity between Nicholas's problem & mine ]
>
>
>
> Nicholas Orr writes:
>
> > I'm using windoz and IIS5.0 with TC 4.0.3 and when I put in file.jsP and
> > file.jsp exists I get a resource not found error then when I
> put in file.jsp
> > it loads file.jsp
> >
> > > >> -Original Message-
> > > >> From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]]
> > > >> Sent: Thursday, May 30, 2002 3:24 PM
> > > >> To: [EMAIL PROTECTED]
> > > >> Subject: Need Help plz
> > > >>
> > > >>
> > > >>
> > > >> Hi ,
> > > >>
> > > >>   i need  help please in two subjects .. My problems are what
> > > >> configuration I should have to do in the server to prevent:
> > > >>
> > > >>  1)   Prohibit downloading the *.jsp files from any
> client on the
> > > >> internet... [ I noticed that if  I wrote the URL of my site ending
> > > >> with myFile.JSP  [ JSP in Capital letters] the page not opened ! ,
> > > >> but  the server offered me to download the file it self !
> ..Which I
> > > >> don’t want any user knows this property to download my own
> > > >> source-code jsp files!
> > > >>
> > > >>  2)   My application  is  depend on a password
> > > authentication  , which
> > > >> I don’t want  any cracker to keep trying usernames/passwords
> > > >> for many tries ..  How should I tell the server to block an ip
> > > after 3 times
> > > >> tries [for example] and for how long this ip will be blocked!
> > > >>
> > > >>   are thses problems related with the Apache server or
> Tomcat serve
> > > >> or both of them !!.. does anyone face like these problems ?!
> > > >>
> > > >>
> > > >>  Java_lover : Walid
> > > >>
> > > >> --
> > > >> To unsubscribe, e-mail:
> > > >> <mailto:[EMAIL PROTECTED]>
> > > >> For additional commands, e-mail:
> > > >> <mailto:[EMAIL PROTECTED]>
> > > >>
> > > >
> > > >
> > > > --
> > > > To unsubscribe, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> > > For additional commands, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> > >
> >
> >
> > --
> > To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>
>
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>
>
> **
> The information contained in this e-mail is confidential and is
> intended only for the use of the addressee(s).
> If you receive this e-mail in error, any use, distribution or
> copying of this e-mail is not permitted. You are requested to
> forward unwanted e-mail and address any problems to the
> MIM Holdings Limited Support Centre.
>
> For general enquires: ++61 7 3833 8000
> Support Centre e-mail:[EMAIL PROTECTED]
> Support Centre phone: Australia 1800500646
>   International ++61 7 38338042
> **
>
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
>


Walid Al-Abbadi

--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Need Help plz

2002-05-30 Thread Walid Mohammed





 Well, Mike ..i use a jakarta-tomcat [combined with Apache webserver] ver 4
 under win2000 :) .. and remote site work well when as i told addressing it
by *.jsp [small letters] the problem came when i use *.JSP [ capital ] the
browser offered me to download the jsp file .. 
 
 i hope the web.xml cofiguration you told me about will solve the problem 

 [ this msg just for clearity between Nicholas's problem & mine ]



Nicholas Orr writes:

> I'm using windoz and IIS5.0 with TC 4.0.3 and when I put in file.jsP and
> file.jsp exists I get a resource not found error then when I put in file.jsp
> it loads file.jsp
> 
> > >> -Original Message-
> > >> From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]]
> > >> Sent: Thursday, May 30, 2002 3:24 PM
> > >> To: [EMAIL PROTECTED]
> > >> Subject: Need Help plz
> > >>
> > >>
> > >>
> > >> Hi ,
> > >>
> > >>   i need  help please in two subjects .. My problems are what 
> > >> configuration I should have to do in the server to prevent:
> > >>
> > >>  1)   Prohibit downloading the *.jsp files from any client on the
> > >> internet... [ I noticed that if  I wrote the URL of my site ending 
> > >> with myFile.JSP  [ JSP in Capital letters] the page not opened ! , 
> > >> but  the server offered me to download the file it self ! ..Which I 
> > >> don’t want any user knows this property to download my own 
> > >> source-code jsp files!
> > >>
> > >>  2)   My application  is  depend on a password
> > authentication  , which
> > >> I don’t want  any cracker to keep trying usernames/passwords 
> > >> for many tries ..  How should I tell the server to block an ip
> > after 3 times
> > >> tries [for example] and for how long this ip will be blocked!
> > >>
> > >>   are thses problems related with the Apache server or Tomcat serve 
> > >> or both of them !!.. does anyone face like these problems ?!
> > >>
> > >>
> > >>  Java_lover : Walid
> > >>
> > >> --
> > >> To unsubscribe, e-mail: 
> > >> <mailto:[EMAIL PROTECTED]>
> > >> For additional commands, e-mail: 
> > >> <mailto:[EMAIL PROTECTED]>
> > >>
> > >
> > >
> > > --
> > > To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
> >
> 
> 
> --
> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
> 
> 
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
> 
> 
> **
> The information contained in this e-mail is confidential and is
> intended only for the use of the addressee(s).
> If you receive this e-mail in error, any use, distribution or
> copying of this e-mail is not permitted. You are requested to
> forward unwanted e-mail and address any problems to the
> MIM Holdings Limited Support Centre.
> 
> For general enquires: ++61 7 3833 8000
> Support Centre e-mail:[EMAIL PROTECTED]
> Support Centre phone: Australia 1800500646
>   International ++61 7 38338042
> **
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
> 


Walid Al-Abbadi

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Need Help plz

2002-05-30 Thread Mike Jackson


Hmm, I still have no clue, but if if you did have this problem then the
mapping statements would eliminate the problem.  Tomcat-4+ may not have this
issue.  Perhaps Walid is using 3, but I really have no clue.

--mikej
-=-
mike jackson
[EMAIL PROTECTED]

> -Original Message-
> From: Nicholas Orr [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 30, 2002 4:27 PM
> To: 'Tomcat Users List'
> Subject: RE: Need Help plz
>
>
> Well it happens like that when I go straight to TC via
> http://localhost:8080
>
> -Original Message-
> From: Mike Jackson [mailto:[EMAIL PROTECTED]]
> Sent: Friday, May 31, 2002 9:24 AM
> To: Tomcat Users List
> Subject: RE: Need Help plz
>
>
> Hmm, well we don't really know what kind of environment Walid is
> using, so I
> can't say why he has that problem and you don't.  The
> configuration for IIS
> may include filtering to protect against case problems, but I really can't
> say.  I don't use IIS very much, and when I do it's with JRUN.
>
> --mikej
> -=-
> mike jackson
> [EMAIL PROTECTED]
>
> > -Original Message-
> > From: Nicholas Orr [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, May 30, 2002 4:19 PM
> > To: 'Tomcat Users List'
> > Subject: RE: Need Help plz
> >
> >
> > I'm using windoz and IIS5.0 with TC 4.0.3 and when I put in file.jsP
> > and file.jsp exists I get a resource not found error then when I put
> > in file.jsp it loads file.jsp
> >
> > > >> -Original Message-
> > > >> From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]]
> > > >> Sent: Thursday, May 30, 2002 3:24 PM
> > > >> To: [EMAIL PROTECTED]
> > > >> Subject: Need Help plz
> > > >>
> > > >>
> > > >>
> > > >> Hi ,
> > > >>
> > > >>   i need  help please in two subjects .. My problems are what
> > > >> configuration I should have to do in the server to prevent:
> > > >>
> > > >>  1)   Prohibit downloading the *.jsp files from any
> client on the
> > > >> internet... [ I noticed that if  I wrote the URL of my site
> > > >> ending with myFile.JSP  [ JSP in Capital letters] the page not
> > > >> opened ! , but  the server offered me to download the file it
> > > >> self ! ..Which I don’t want any user knows this property to
> > > >> download my own source-code jsp files!
> > > >>
> > > >>  2)   My application  is  depend on a password
> > > authentication  , which
> > > >> I don’t want  any cracker to keep trying
> > > >> usernames/passwords for many tries ..  How should I tell the
> > > >> server to block an ip
> > > after 3 times
> > > >> tries [for example] and for how long this ip will be blocked!
> > > >>
> > > >>   are thses problems related with the Apache server or Tomcat
> > > >> serve or both of them !!.. does anyone face like these problems
> > > >> ?!
> > > >>
> > > >>
> > > >>  Java_lover : Walid
> > > >>
> > > >> --
> > > >> To unsubscribe, e-mail:
> > > >> <mailto:[EMAIL PROTECTED]>
> > > >> For additional commands, e-mail:
> > > >> <mailto:[EMAIL PROTECTED]>
> > > >>
> > > >
> > > >
> > > > --
> > > > To unsubscribe, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> > > For additional commands, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> > >
> >
> >
> > --
> > To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


**
The information contained in this e-mail is confidential and is intended
only for the use of the addressee(s). If you receive this e-mail in error,
any use, distribution or copying of this e-mail is not permitted. You are
requested to forward unwanted e-mail and address any problems to the MIM
Holdings Limited Support Centre.

For general enquires:   ++61 7 3833 8000
Support Centre e-mail:  [EMAIL PROTECTED]
Support Centre phone:   Australia 1800500646
International ++61 7 38338042
**


--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>

--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Need Help plz

2002-05-30 Thread Phillip Morelock


> You probably wouldn't have this problem if you used apache I think, if the
> apache module does checking then it'll probably figure out that since the

The response (to you and Mr. Nicholas Orr) is simply that you I guess you're
both right, but I am a firm believer in Tomcat standalone in many
situations. This here is a bit of a problem, one that I didn't think of
before since Apache is "smart" about this.  I made the ridiculous assumption
that Tomcat was equally perceptive (not a crack at Tomcat, just a small
grumble).  

Fault in my brain:
Tomcat == Apache Project == same case-sensitivity awareness

cheers
fillup

On 5/30/02 4:15 PM, "Mike Jackson" <[EMAIL PROTECTED]> wrote:

> You probably wouldn't have this problem if you used apache I think, if the
> apache module does checking then it'll probably figure out that since the
> *.jsp file is just that a *.jsp file and if you're using mod_jk or probably
> mod_webapp (I haven't used this yet), it'll see in it's config that its
> supposed to hand those over to tomcat.  But then again I could be wrong, I
> don't have one of those environments to play with.
> 
> --mikej
> -=-
> mike jackson
> [EMAIL PROTECTED]
> 
>> -Original Message-
>> From: Phillip Morelock [mailto:[EMAIL PROTECTED]]
>> Sent: Thursday, May 30, 2002 3:57 PM
>> To: Tomcat Users List
>> Subject: Re: Need Help plz
>> 
>> 
>>> 1) Get off of windows :)
>> 
>> Excellent point (just kidding) but actually, thanks for pointing the
>> case-problem-fix out.
>> 
>> This also happens on Mac OS X (which has a case-respecting,
>> case-insensitive
>> filesystem that annoys me frequently when working in the Unix
>> side).  Apple
>> distributes an Apache module which fixes the associated security problems
>> for httpd, but I didn't even think to check this under Tomcat.
>> Good thing I
>> only deploy on Linux.  ;)
>> 
>> So, Mac OS X users beware.
>> 
>> I wonder how receptive the Tomcat committers would be to patches /
>> automatically enabled workarounds for resolving / protecting against this
>> issue.
>> 
>> cheers
>> fillup
>> 
>> 
>> On 5/30/02 3:43 PM, "Mike Jackson" <[EMAIL PROTECTED]> wrote:
>> 
>>> 1) Get off of windows :)
>>> 
>>>  Or add the following to web.xml under $TOMCAT_HOME/conf, unless I'm
>>> mistaken that should cover all of the possible miss-cases of "jsp".
>>> 
>>> 
>>>   jsp
>>>   *.Jsp
>>> 
>>> 
>>>   jsp
>>>   *.JSp
>>> 
>>> 
>>>   jsp
>>>   *.JsP
>>> 
>>> 
>>>   jsp
>>>   *.JSP
>>> 
>>> 
>>>   jsp
>>>   *.jSp
>>> 
>>> 
>>>   jsp
>>>   *.jSP
>>> 
>>> 
>>>   jsp
>>>   *.jsP
>>> 
>>> 
>>> 2) You'll probably have to do this in your application I think.
>>  If it were
>>> me I'd create a singleton class that stored a list of login
>> attempts with ip
>>> address of the source, and prior to allowing some client to
>> attempt login
>>> I'd check the list.
>>> 
>>> --mikej
>>> -=-
>>> mike jackson
>>> [EMAIL PROTECTED]
>>> 
>>>> -Original Message-
>>>> From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]]
>>>> Sent: Thursday, May 30, 2002 3:24 PM
>>>> To: [EMAIL PROTECTED]
>>>> Subject: Need Help plz
>>>> 
>>>> 
>>>> 
>>>> Hi ,
>>>> 
>>>>   i need  help please in two subjects .. My problems are what
>>>> configuration I should have to do in the server to prevent:
>>>> 
>>>>  1)   Prohibit downloading the *.jsp files from any client on the
>>>> internet... [ I noticed that if  I wrote the URL of my site ending with
>>>> myFile.JSP  [ JSP in Capital letters] the page not opened ! , but  the
>>>> server offered me to download the file it self ! ..Which I
>>>> don’t want
>>>> any user knows this property to download my own source-code jsp files!
>>>> 
>>>>  2)   My application  is  depend on a password
>> authentication  , which
>>>> I don’t want  any cracker to keep trying usernames/passwords for
>>>> many tries ..  How should I tell the server to block an ip
>> after 3 times
>>>> tries [for example] and for how long this ip will be blocked!
>>>> 
>>>>   are thses problems related with the Apache server or Tomcat
>>>> serve or both
>>>> of them !!.. does anyone face like these problems ?!
>>>> 
>>>> 
>>>>  Java_lover : Walid
>>>> 
>>>> --
>>>> To unsubscribe, e-mail:
>>>> <mailto:[EMAIL PROTECTED]>
>>>> For additional commands, e-mail:
>>>> <mailto:[EMAIL PROTECTED]>
>>>> 
>>> 
>>> 
>>> --
>>> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
>> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>> 
> 
> 
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
> 


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Need Help plz

2002-05-30 Thread Nicholas Orr


Well it happens like that when I go straight to TC via http://localhost:8080

-Original Message-
From: Mike Jackson [mailto:[EMAIL PROTECTED]] 
Sent: Friday, May 31, 2002 9:24 AM
To: Tomcat Users List
Subject: RE: Need Help plz


Hmm, well we don't really know what kind of environment Walid is using, so I
can't say why he has that problem and you don't.  The configuration for IIS
may include filtering to protect against case problems, but I really can't
say.  I don't use IIS very much, and when I do it's with JRUN.

--mikej
-=-
mike jackson
[EMAIL PROTECTED]

> -Original Message-
> From: Nicholas Orr [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 30, 2002 4:19 PM
> To: 'Tomcat Users List'
> Subject: RE: Need Help plz
>
>
> I'm using windoz and IIS5.0 with TC 4.0.3 and when I put in file.jsP 
> and file.jsp exists I get a resource not found error then when I put 
> in file.jsp it loads file.jsp
>
> > >> -Original Message-
> > >> From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]]
> > >> Sent: Thursday, May 30, 2002 3:24 PM
> > >> To: [EMAIL PROTECTED]
> > >> Subject: Need Help plz
> > >>
> > >>
> > >>
> > >> Hi ,
> > >>
> > >>   i need  help please in two subjects .. My problems are what 
> > >> configuration I should have to do in the server to prevent:
> > >>
> > >>  1)   Prohibit downloading the *.jsp files from any client on the
> > >> internet... [ I noticed that if  I wrote the URL of my site 
> > >> ending with myFile.JSP  [ JSP in Capital letters] the page not 
> > >> opened ! , but  the server offered me to download the file it 
> > >> self ! ..Which I don’t want any user knows this property to 
> > >> download my own source-code jsp files!
> > >>
> > >>  2)   My application  is  depend on a password
> > authentication  , which
> > >> I don’t want  any cracker to keep trying 
> > >> usernames/passwords for many tries ..  How should I tell the 
> > >> server to block an ip
> > after 3 times
> > >> tries [for example] and for how long this ip will be blocked!
> > >>
> > >>   are thses problems related with the Apache server or Tomcat 
> > >> serve or both of them !!.. does anyone face like these problems 
> > >> ?!
> > >>
> > >>
> > >>  Java_lover : Walid
> > >>
> > >> --
> > >> To unsubscribe, e-mail: 
> > >> <mailto:[EMAIL PROTECTED]>
> > >> For additional commands, e-mail: 
> > >> <mailto:[EMAIL PROTECTED]>
> > >>
> > >
> > >
> > > --
> > > To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
> >
>
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


**
The information contained in this e-mail is confidential and is intended
only for the use of the addressee(s). If you receive this e-mail in error,
any use, distribution or copying of this e-mail is not permitted. You are
requested to forward unwanted e-mail and address any problems to the MIM
Holdings Limited Support Centre.

For general enquires:   ++61 7 3833 8000
Support Centre e-mail:  [EMAIL PROTECTED]
Support Centre phone:   Australia 1800500646
International ++61 7 38338042
**


--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Need Help plz

2002-05-30 Thread Mike Jackson


Hmm, well we don't really know what kind of environment Walid is using, so I
can't say why he has that problem and you don't.  The configuration for IIS
may include filtering to protect against case problems, but I really can't
say.  I don't use IIS very much, and when I do it's with JRUN.

--mikej
-=-
mike jackson
[EMAIL PROTECTED]

> -Original Message-
> From: Nicholas Orr [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 30, 2002 4:19 PM
> To: 'Tomcat Users List'
> Subject: RE: Need Help plz
>
>
> I'm using windoz and IIS5.0 with TC 4.0.3 and when I put in file.jsP and
> file.jsp exists I get a resource not found error then when I put
> in file.jsp
> it loads file.jsp
>
> > >> -Original Message-
> > >> From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]]
> > >> Sent: Thursday, May 30, 2002 3:24 PM
> > >> To: [EMAIL PROTECTED]
> > >> Subject: Need Help plz
> > >>
> > >>
> > >>
> > >> Hi ,
> > >>
> > >>   i need  help please in two subjects .. My problems are what
> > >> configuration I should have to do in the server to prevent:
> > >>
> > >>  1)   Prohibit downloading the *.jsp files from any client on the
> > >> internet... [ I noticed that if  I wrote the URL of my site ending
> > >> with myFile.JSP  [ JSP in Capital letters] the page not opened ! ,
> > >> but  the server offered me to download the file it self ! ..Which I
> > >> don’t want any user knows this property to download my own
> > >> source-code jsp files!
> > >>
> > >>  2)   My application  is  depend on a password
> > authentication  , which
> > >> I don’t want  any cracker to keep trying usernames/passwords
> > >> for many tries ..  How should I tell the server to block an ip
> > after 3 times
> > >> tries [for example] and for how long this ip will be blocked!
> > >>
> > >>   are thses problems related with the Apache server or Tomcat serve
> > >> or both of them !!.. does anyone face like these problems ?!
> > >>
> > >>
> > >>  Java_lover : Walid
> > >>
> > >> --
> > >> To unsubscribe, e-mail:
> > >> <mailto:[EMAIL PROTECTED]>
> > >> For additional commands, e-mail:
> > >> <mailto:[EMAIL PROTECTED]>
> > >>
> > >
> > >
> > > --
> > > To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
> >
>
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


**
The information contained in this e-mail is confidential and is
intended only for the use of the addressee(s).
If you receive this e-mail in error, any use, distribution or
copying of this e-mail is not permitted. You are requested to
forward unwanted e-mail and address any problems to the
MIM Holdings Limited Support Centre.

For general enquires:   ++61 7 3833 8000
Support Centre e-mail:  [EMAIL PROTECTED]
Support Centre phone:   Australia 1800500646
International ++61 7 38338042
**


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Need Help plz

2002-05-30 Thread Nicholas Orr


I'm using windoz and IIS5.0 with TC 4.0.3 and when I put in file.jsP and
file.jsp exists I get a resource not found error then when I put in file.jsp
it loads file.jsp

> >> -Original Message-
> >> From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]]
> >> Sent: Thursday, May 30, 2002 3:24 PM
> >> To: [EMAIL PROTECTED]
> >> Subject: Need Help plz
> >>
> >>
> >>
> >> Hi ,
> >>
> >>   i need  help please in two subjects .. My problems are what 
> >> configuration I should have to do in the server to prevent:
> >>
> >>  1)   Prohibit downloading the *.jsp files from any client on the
> >> internet... [ I noticed that if  I wrote the URL of my site ending 
> >> with myFile.JSP  [ JSP in Capital letters] the page not opened ! , 
> >> but  the server offered me to download the file it self ! ..Which I 
> >> don’t want any user knows this property to download my own 
> >> source-code jsp files!
> >>
> >>  2)   My application  is  depend on a password
> authentication  , which
> >> I don’t want  any cracker to keep trying usernames/passwords 
> >> for many tries ..  How should I tell the server to block an ip
> after 3 times
> >> tries [for example] and for how long this ip will be blocked!
> >>
> >>   are thses problems related with the Apache server or Tomcat serve 
> >> or both of them !!.. does anyone face like these problems ?!
> >>
> >>
> >>  Java_lover : Walid
> >>
> >> --
> >> To unsubscribe, e-mail: 
> >> <mailto:[EMAIL PROTECTED]>
> >> For additional commands, e-mail: 
> >> <mailto:[EMAIL PROTECTED]>
> >>
> >
> >
> > --
> > To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
>


--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


**
The information contained in this e-mail is confidential and is
intended only for the use of the addressee(s).
If you receive this e-mail in error, any use, distribution or
copying of this e-mail is not permitted. You are requested to
forward unwanted e-mail and address any problems to the
MIM Holdings Limited Support Centre.

For general enquires:   ++61 7 3833 8000
Support Centre e-mail:  [EMAIL PROTECTED]
Support Centre phone:   Australia 1800500646
International ++61 7 38338042
**


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Need Help plz

2002-05-30 Thread Mike Jackson


You probably wouldn't have this problem if you used apache I think, if the
apache module does checking then it'll probably figure out that since the
*.jsp file is just that a *.jsp file and if you're using mod_jk or probably
mod_webapp (I haven't used this yet), it'll see in it's config that its
supposed to hand those over to tomcat.  But then again I could be wrong, I
don't have one of those environments to play with.

--mikej
-=-
mike jackson
[EMAIL PROTECTED]

> -Original Message-
> From: Phillip Morelock [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 30, 2002 3:57 PM
> To: Tomcat Users List
> Subject: Re: Need Help plz
>
>
> > 1) Get off of windows :)
>
> Excellent point (just kidding) but actually, thanks for pointing the
> case-problem-fix out.
>
> This also happens on Mac OS X (which has a case-respecting,
> case-insensitive
> filesystem that annoys me frequently when working in the Unix
> side).  Apple
> distributes an Apache module which fixes the associated security problems
> for httpd, but I didn't even think to check this under Tomcat.
> Good thing I
> only deploy on Linux.  ;)
>
> So, Mac OS X users beware.
>
> I wonder how receptive the Tomcat committers would be to patches /
> automatically enabled workarounds for resolving / protecting against this
> issue.
>
> cheers
> fillup
>
>
> On 5/30/02 3:43 PM, "Mike Jackson" <[EMAIL PROTECTED]> wrote:
>
> > 1) Get off of windows :)
> >
> >  Or add the following to web.xml under $TOMCAT_HOME/conf, unless I'm
> > mistaken that should cover all of the possible miss-cases of "jsp".
> >
> > 
> >   jsp
> >   *.Jsp
> > 
> > 
> >   jsp
> >   *.JSp
> > 
> > 
> >   jsp
> >   *.JsP
> > 
> > 
> >   jsp
> >   *.JSP
> > 
> > 
> >   jsp
> >   *.jSp
> > 
> > 
> >   jsp
> >   *.jSP
> > 
> > 
> >   jsp
> >   *.jsP
> > 
> >
> > 2) You'll probably have to do this in your application I think.
>  If it were
> > me I'd create a singleton class that stored a list of login
> attempts with ip
> > address of the source, and prior to allowing some client to
> attempt login
> > I'd check the list.
> >
> > --mikej
> > -=-
> > mike jackson
> > [EMAIL PROTECTED]
> >
> >> -Original Message-
> >> From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]]
> >> Sent: Thursday, May 30, 2002 3:24 PM
> >> To: [EMAIL PROTECTED]
> >> Subject: Need Help plz
> >>
> >>
> >>
> >> Hi ,
> >>
> >>   i need  help please in two subjects .. My problems are what
> >> configuration I should have to do in the server to prevent:
> >>
> >>  1)   Prohibit downloading the *.jsp files from any client on the
> >> internet... [ I noticed that if  I wrote the URL of my site ending with
> >> myFile.JSP  [ JSP in Capital letters] the page not opened ! , but  the
> >> server offered me to download the file it self ! ..Which I
> >> don’t want
> >> any user knows this property to download my own source-code jsp files!
> >>
> >>  2)   My application  is  depend on a password
> authentication  , which
> >> I don’t want  any cracker to keep trying usernames/passwords for
> >> many tries ..  How should I tell the server to block an ip
> after 3 times
> >> tries [for example] and for how long this ip will be blocked!
> >>
> >>   are thses problems related with the Apache server or Tomcat
> >> serve or both
> >> of them !!.. does anyone face like these problems ?!
> >>
> >>
> >>  Java_lover : Walid
> >>
> >> --
> >> To unsubscribe, e-mail:
> >> <mailto:[EMAIL PROTECTED]>
> >> For additional commands, e-mail:
> >> <mailto:[EMAIL PROTECTED]>
> >>
> >
> >
> > --
> > To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
>


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Need Help plz

2002-05-30 Thread Mike Jackson


They're part of the super class of HttpServletRequest, but for any jsp
they're automajically included as part of the compile.  In other words you
don't have to include them, it's done for you.  The getRemoveAddr will
return a java.net.InetAddress I think, but I'd have to look to be 100% sure.

--mikej
-=-
mike jackson
[EMAIL PROTECTED]

> -Original Message-
> From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 30, 2002 3:57 PM
> To: Tomcat Users List
> Subject: Re: Need Help plz
>
>
>
>
>
>   ok..well  i heard about functions " GetRemoteaddr()  & GetRemoteHost()"
> but i don't know what class/package they are in jdk source files, so i can
> read its help/definitions  then include it in a class of mine..
>
>   can i find some help in that please ..
>
>
>
> Mike Jackson writes:
>
> > 1) Get off of windows :)
> >
> >Or add the following to web.xml under $TOMCAT_HOME/conf, unless I'm
> > mistaken that should cover all of the possible miss-cases of "jsp".
> >
> >   
> > jsp
> > *.Jsp
> >   
> >   
> > jsp
> > *.JSp
> >   
> >   
> > jsp
> > *.JsP
> >   
> >   
> > jsp
> > *.JSP
> >   
> >   
> > jsp
> > *.jSp
> >   
> >   
> > jsp
> > *.jSP
> >   
> >   
> > jsp
> > *.jsP
> >   
> >
> > 2) You'll probably have to do this in your application I think.
>  If it were
> > me I'd create a singleton class that stored a list of login
> attempts with ip
> > address of the source, and prior to allowing some client to
> attempt login
> > I'd check the list.
> >
> > --mikej
> > -=-
> > mike jackson
> > [EMAIL PROTECTED]
> >
> > > -Original Message-
> > > From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]]
> > > Sent: Thursday, May 30, 2002 3:24 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Need Help plz
> > >
> > >
> > >
> > > Hi ,
> > >
> > >   i need  help please in two subjects .. My problems are what
> > > configuration I should have to do in the server to prevent:
> > >
> > >  1)   Prohibit downloading the *.jsp files from any client on the
> > > internet... [ I noticed that if  I wrote the URL of my site
> ending with
> > > myFile.JSP  [ JSP in Capital letters] the page not opened ! , but  the
> > > server offered me to download the file it self ! ..Which I
> > > don’t want
> > > any user knows this property to download my own source-code jsp files!
> > >
> > >  2)   My application  is  depend on a password
> authentication  , which
> > > I don’t want  any cracker to keep trying usernames/passwords for
> > > many tries ..  How should I tell the server to block an ip
> after 3 times
> > > tries [for example] and for how long this ip will be blocked!
> > >
> > >   are thses problems related with the Apache server or Tomcat
> > > serve or both
> > > of them !!.. does anyone face like these problems ?!
> > >
> > >
> > >  Java_lover : Walid
> > >
> > > --
> > > To unsubscribe, e-mail:
> > > <mailto:[EMAIL PROTECTED]>
> > > For additional commands, e-mail:
> > > <mailto:[EMAIL PROTECTED]>
> > >
> >
> >
> > --
> > To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
>


Walid Al-Abbadi

--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Need Help plz

2002-05-30 Thread Walid Mohamed Al Abbadi





  ok..well  i heard about functions " GetRemoteaddr()  & GetRemoteHost()"
but i don't know what class/package they are in jdk source files, so i can
read its help/definitions  then include it in a class of mine..

  can i find some help in that please ..



Mike Jackson writes:

> 1) Get off of windows :)
> 
>Or add the following to web.xml under $TOMCAT_HOME/conf, unless I'm
> mistaken that should cover all of the possible miss-cases of "jsp".
> 
>   
> jsp
> *.Jsp
>   
>   
> jsp
> *.JSp
>   
>   
> jsp
> *.JsP
>   
>   
> jsp
> *.JSP
>   
>   
> jsp
> *.jSp
>   
>   
> jsp
> *.jSP
>   
>   
> jsp
> *.jsP
>   
> 
> 2) You'll probably have to do this in your application I think.  If it were
> me I'd create a singleton class that stored a list of login attempts with ip
> address of the source, and prior to allowing some client to attempt login
> I'd check the list.
> 
> --mikej
> -=-
> mike jackson
> [EMAIL PROTECTED]
> 
> > -Original Message-
> > From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, May 30, 2002 3:24 PM
> > To: [EMAIL PROTECTED]
> > Subject: Need Help plz
> >
> >
> >
> > Hi ,
> >
> >   i need  help please in two subjects .. My problems are what
> > configuration I should have to do in the server to prevent:
> >
> >  1)   Prohibit downloading the *.jsp files from any client on the
> > internet... [ I noticed that if  I wrote the URL of my site ending with
> > myFile.JSP  [ JSP in Capital letters] the page not opened ! , but  the
> > server offered me to download the file it self ! ..Which I
> > don’t want
> > any user knows this property to download my own source-code jsp files!
> >
> >  2)   My application  is  depend on a password authentication  , which
> > I don’t want  any cracker to keep trying usernames/passwords for
> > many tries ..  How should I tell the server to block an ip after 3 times
> > tries [for example] and for how long this ip will be blocked!
> >
> >   are thses problems related with the Apache server or Tomcat
> > serve or both
> > of them !!.. does anyone face like these problems ?!
> >
> >
> >  Java_lover : Walid
> >
> > --
> > To unsubscribe, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> > For additional commands, e-mail:
> > <mailto:[EMAIL PROTECTED]>
> >
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
> 


Walid Al-Abbadi

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Need Help plz

2002-05-30 Thread Phillip Morelock


> 1) Get off of windows :)

Excellent point (just kidding) but actually, thanks for pointing the
case-problem-fix out.

This also happens on Mac OS X (which has a case-respecting, case-insensitive
filesystem that annoys me frequently when working in the Unix side).  Apple
distributes an Apache module which fixes the associated security problems
for httpd, but I didn't even think to check this under Tomcat.  Good thing I
only deploy on Linux.  ;)

So, Mac OS X users beware.

I wonder how receptive the Tomcat committers would be to patches /
automatically enabled workarounds for resolving / protecting against this
issue.

cheers
fillup


On 5/30/02 3:43 PM, "Mike Jackson" <[EMAIL PROTECTED]> wrote:

> 1) Get off of windows :)
> 
>  Or add the following to web.xml under $TOMCAT_HOME/conf, unless I'm
> mistaken that should cover all of the possible miss-cases of "jsp".
> 
> 
>   jsp
>   *.Jsp
> 
> 
>   jsp
>   *.JSp
> 
> 
>   jsp
>   *.JsP
> 
> 
>   jsp
>   *.JSP
> 
> 
>   jsp
>   *.jSp
> 
> 
>   jsp
>   *.jSP
> 
> 
>   jsp
>   *.jsP
> 
> 
> 2) You'll probably have to do this in your application I think.  If it were
> me I'd create a singleton class that stored a list of login attempts with ip
> address of the source, and prior to allowing some client to attempt login
> I'd check the list.
> 
> --mikej
> -=-
> mike jackson
> [EMAIL PROTECTED]
> 
>> -Original Message-
>> From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]]
>> Sent: Thursday, May 30, 2002 3:24 PM
>> To: [EMAIL PROTECTED]
>> Subject: Need Help plz
>> 
>> 
>> 
>> Hi ,
>> 
>>   i need  help please in two subjects .. My problems are what
>> configuration I should have to do in the server to prevent:
>> 
>>  1)   Prohibit downloading the *.jsp files from any client on the
>> internet... [ I noticed that if  I wrote the URL of my site ending with
>> myFile.JSP  [ JSP in Capital letters] the page not opened ! , but  the
>> server offered me to download the file it self ! ..Which I
>> don’t want
>> any user knows this property to download my own source-code jsp files!
>> 
>>  2)   My application  is  depend on a password authentication  , which
>> I don’t want  any cracker to keep trying usernames/passwords for
>> many tries ..  How should I tell the server to block an ip after 3 times
>> tries [for example] and for how long this ip will be blocked!
>> 
>>   are thses problems related with the Apache server or Tomcat
>> serve or both
>> of them !!.. does anyone face like these problems ?!
>> 
>> 
>>  Java_lover : Walid
>> 
>> --
>> To unsubscribe, e-mail:
>> <mailto:[EMAIL PROTECTED]>
>> For additional commands, e-mail:
>> <mailto:[EMAIL PROTECTED]>
>> 
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
> 


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Need Help plz

2002-05-30 Thread Mike Jackson


1) Get off of windows :)

   Or add the following to web.xml under $TOMCAT_HOME/conf, unless I'm
mistaken that should cover all of the possible miss-cases of "jsp".

  
jsp
*.Jsp
  
  
jsp
*.JSp
  
  
jsp
*.JsP
  
  
jsp
*.JSP
  
  
jsp
*.jSp
  
  
jsp
*.jSP
  
  
jsp
*.jsP
  

2) You'll probably have to do this in your application I think.  If it were
me I'd create a singleton class that stored a list of login attempts with ip
address of the source, and prior to allowing some client to attempt login
I'd check the list.

--mikej
-=-
mike jackson
[EMAIL PROTECTED]

> -Original Message-
> From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 30, 2002 3:24 PM
> To: [EMAIL PROTECTED]
> Subject: Need Help plz
>
>
>
> Hi ,
>
>   i need  help please in two subjects .. My problems are what
> configuration I should have to do in the server to prevent:
>
>  1)   Prohibit downloading the *.jsp files from any client on the
> internet... [ I noticed that if  I wrote the URL of my site ending with
> myFile.JSP  [ JSP in Capital letters] the page not opened ! , but  the
> server offered me to download the file it self ! ..Which I
> don’t want
> any user knows this property to download my own source-code jsp files!
>
>  2)   My application  is  depend on a password authentication  , which
> I don’t want  any cracker to keep trying usernames/passwords for
> many tries ..  How should I tell the server to block an ip after 3 times
> tries [for example] and for how long this ip will be blocked!
>
>   are thses problems related with the Apache server or Tomcat
> serve or both
> of them !!.. does anyone face like these problems ?!
>
>
>  Java_lover : Walid
>
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Need Help plz

2002-05-30 Thread Walid Mohamed Al Abbadi



Hi ,

  i need  help please in two subjects .. My problems are what
configuration I should have to do in the server to prevent:

 1)   Prohibit downloading the *.jsp files from any client on the
internet... [ I noticed that if  I wrote the URL of my site ending with
myFile.JSP  [ JSP in Capital letters] the page not opened ! , but  the
server offered me to download the file it self ! ..Which I don’t want
any user knows this property to download my own source-code jsp files!

 2)   My application  is  depend on a password authentication  , which
I don’t want  any cracker to keep trying usernames/passwords for 
many tries ..  How should I tell the server to block an ip after 3 times
tries [for example] and for how long this ip will be blocked!

  are thses problems related with the Apache server or Tomcat serve or both
of them !!.. does anyone face like these problems ?! 

  
 Java_lover : Walid 

--
To unsubscribe, e-mail:   
For additional commands, e-mail:

AW: Need Help plz

RE: Need Help plz

Re: Need Help plz

RE: Need Help plz

Re: Need Help plz

RE: Need Help plz

RE: Need Help plz

Re: Need Help plz

RE: Need Help plz

Re: Need Help plz

RE: Need Help plz

RE: Need Help plz

RE: Need Help plz

RE: Need Help plz

RE: Need Help plz

Re: Need Help plz

Re: Need Help plz

RE: Need Help plz

Need Help plz

19 matches

Site Navigation

Mail list logo

Footer information