RE: Need Help plz
1) Get off of windows :) Or add the following to web.xml under $TOMCAT_HOME/conf, unless I'm mistaken that should cover all of the possible miss-cases of jsp. servlet-mapping servlet-namejsp/servlet-name url-pattern*.Jsp/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.JSp/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.JsP/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.JSP/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.jSp/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.jSP/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.jsP/url-pattern /servlet-mapping 2) You'll probably have to do this in your application I think. If it were me I'd create a singleton class that stored a list of login attempts with ip address of the source, and prior to allowing some client to attempt login I'd check the list. --mikej -=- mike jackson [EMAIL PROTECTED] -Original Message- From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 3:24 PM To: [EMAIL PROTECTED] Subject: Need Help plz Hi , i need help please in two subjects .. My problems are what configuration I should have to do in the server to prevent: 1) Prohibit downloading the *.jsp files from any client on the internet... [ I noticed that if I wrote the URL of my site ending with myFile.JSP [ JSP in Capital letters] the page not opened ! , but the server offered me to download the file it self ! ..Which I don#8217;t want any user knows this property to download my own source-code jsp files! 2) My application is depend on a password authentication , which I don#8217;t want any cracker to keep trying usernames/passwords for many tries .. How should I tell the server to block an ip after 3 times tries [for example] and for how long this ip will be blocked! are thses problems related with the Apache server or Tomcat serve or both of them !!.. does anyone face like these problems ?! Java_lover : Walid -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Need Help plz
1) Get off of windows :) Excellent point (just kidding) but actually, thanks for pointing the case-problem-fix out. This also happens on Mac OS X (which has a case-respecting, case-insensitive filesystem that annoys me frequently when working in the Unix side). Apple distributes an Apache module which fixes the associated security problems for httpd, but I didn't even think to check this under Tomcat. Good thing I only deploy on Linux. ;) So, Mac OS X users beware. I wonder how receptive the Tomcat committers would be to patches / automatically enabled workarounds for resolving / protecting against this issue. cheers fillup On 5/30/02 3:43 PM, Mike Jackson [EMAIL PROTECTED] wrote: 1) Get off of windows :) Or add the following to web.xml under $TOMCAT_HOME/conf, unless I'm mistaken that should cover all of the possible miss-cases of jsp. servlet-mapping servlet-namejsp/servlet-name url-pattern*.Jsp/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.JSp/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.JsP/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.JSP/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.jSp/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.jSP/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.jsP/url-pattern /servlet-mapping 2) You'll probably have to do this in your application I think. If it were me I'd create a singleton class that stored a list of login attempts with ip address of the source, and prior to allowing some client to attempt login I'd check the list. --mikej -=- mike jackson [EMAIL PROTECTED] -Original Message- From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 3:24 PM To: [EMAIL PROTECTED] Subject: Need Help plz Hi , i need help please in two subjects .. My problems are what configuration I should have to do in the server to prevent: 1) Prohibit downloading the *.jsp files from any client on the internet... [ I noticed that if I wrote the URL of my site ending with myFile.JSP [ JSP in Capital letters] the page not opened ! , but the server offered me to download the file it self ! ..Which I don#8217;t want any user knows this property to download my own source-code jsp files! 2) My application is depend on a password authentication , which I don#8217;t want any cracker to keep trying usernames/passwords for many tries .. How should I tell the server to block an ip after 3 times tries [for example] and for how long this ip will be blocked! are thses problems related with the Apache server or Tomcat serve or both of them !!.. does anyone face like these problems ?! Java_lover : Walid -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Need Help plz
ok..well i heard about functions GetRemoteaddr() GetRemoteHost() but i don't know what class/package they are in jdk source files, so i can read its help/definitions then include it in a class of mine.. can i find some help in that please .. Mike Jackson writes: 1) Get off of windows :) Or add the following to web.xml under $TOMCAT_HOME/conf, unless I'm mistaken that should cover all of the possible miss-cases of jsp. servlet-mapping servlet-namejsp/servlet-name url-pattern*.Jsp/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.JSp/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.JsP/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.JSP/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.jSp/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.jSP/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.jsP/url-pattern /servlet-mapping 2) You'll probably have to do this in your application I think. If it were me I'd create a singleton class that stored a list of login attempts with ip address of the source, and prior to allowing some client to attempt login I'd check the list. --mikej -=- mike jackson [EMAIL PROTECTED] -Original Message- From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 3:24 PM To: [EMAIL PROTECTED] Subject: Need Help plz Hi , i need help please in two subjects .. My problems are what configuration I should have to do in the server to prevent: 1) Prohibit downloading the *.jsp files from any client on the internet... [ I noticed that if I wrote the URL of my site ending with myFile.JSP [ JSP in Capital letters] the page not opened ! , but the server offered me to download the file it self ! ..Which I don#8217;t want any user knows this property to download my own source-code jsp files! 2) My application is depend on a password authentication , which I don#8217;t want any cracker to keep trying usernames/passwords for many tries .. How should I tell the server to block an ip after 3 times tries [for example] and for how long this ip will be blocked! are thses problems related with the Apache server or Tomcat serve or both of them !!.. does anyone face like these problems ?! Java_lover : Walid -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] Walid Al-Abbadi -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Need Help plz
They're part of the super class of HttpServletRequest, but for any jsp they're automajically included as part of the compile. In other words you don't have to include them, it's done for you. The getRemoveAddr will return a java.net.InetAddress I think, but I'd have to look to be 100% sure. --mikej -=- mike jackson [EMAIL PROTECTED] -Original Message- From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 3:57 PM To: Tomcat Users List Subject: Re: Need Help plz ok..well i heard about functions GetRemoteaddr() GetRemoteHost() but i don't know what class/package they are in jdk source files, so i can read its help/definitions then include it in a class of mine.. can i find some help in that please .. Mike Jackson writes: 1) Get off of windows :) Or add the following to web.xml under $TOMCAT_HOME/conf, unless I'm mistaken that should cover all of the possible miss-cases of jsp. servlet-mapping servlet-namejsp/servlet-name url-pattern*.Jsp/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.JSp/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.JsP/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.JSP/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.jSp/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.jSP/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.jsP/url-pattern /servlet-mapping 2) You'll probably have to do this in your application I think. If it were me I'd create a singleton class that stored a list of login attempts with ip address of the source, and prior to allowing some client to attempt login I'd check the list. --mikej -=- mike jackson [EMAIL PROTECTED] -Original Message- From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 3:24 PM To: [EMAIL PROTECTED] Subject: Need Help plz Hi , i need help please in two subjects .. My problems are what configuration I should have to do in the server to prevent: 1) Prohibit downloading the *.jsp files from any client on the internet... [ I noticed that if I wrote the URL of my site ending with myFile.JSP [ JSP in Capital letters] the page not opened ! , but the server offered me to download the file it self ! ..Which I don#8217;t want any user knows this property to download my own source-code jsp files! 2) My application is depend on a password authentication , which I don#8217;t want any cracker to keep trying usernames/passwords for many tries .. How should I tell the server to block an ip after 3 times tries [for example] and for how long this ip will be blocked! are thses problems related with the Apache server or Tomcat serve or both of them !!.. does anyone face like these problems ?! Java_lover : Walid -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] Walid Al-Abbadi -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Need Help plz
You probably wouldn't have this problem if you used apache I think, if the apache module does checking then it'll probably figure out that since the *.jsp file is just that a *.jsp file and if you're using mod_jk or probably mod_webapp (I haven't used this yet), it'll see in it's config that its supposed to hand those over to tomcat. But then again I could be wrong, I don't have one of those environments to play with. --mikej -=- mike jackson [EMAIL PROTECTED] -Original Message- From: Phillip Morelock [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 3:57 PM To: Tomcat Users List Subject: Re: Need Help plz 1) Get off of windows :) Excellent point (just kidding) but actually, thanks for pointing the case-problem-fix out. This also happens on Mac OS X (which has a case-respecting, case-insensitive filesystem that annoys me frequently when working in the Unix side). Apple distributes an Apache module which fixes the associated security problems for httpd, but I didn't even think to check this under Tomcat. Good thing I only deploy on Linux. ;) So, Mac OS X users beware. I wonder how receptive the Tomcat committers would be to patches / automatically enabled workarounds for resolving / protecting against this issue. cheers fillup On 5/30/02 3:43 PM, Mike Jackson [EMAIL PROTECTED] wrote: 1) Get off of windows :) Or add the following to web.xml under $TOMCAT_HOME/conf, unless I'm mistaken that should cover all of the possible miss-cases of jsp. servlet-mapping servlet-namejsp/servlet-name url-pattern*.Jsp/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.JSp/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.JsP/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.JSP/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.jSp/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.jSP/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.jsP/url-pattern /servlet-mapping 2) You'll probably have to do this in your application I think. If it were me I'd create a singleton class that stored a list of login attempts with ip address of the source, and prior to allowing some client to attempt login I'd check the list. --mikej -=- mike jackson [EMAIL PROTECTED] -Original Message- From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 3:24 PM To: [EMAIL PROTECTED] Subject: Need Help plz Hi , i need help please in two subjects .. My problems are what configuration I should have to do in the server to prevent: 1) Prohibit downloading the *.jsp files from any client on the internet... [ I noticed that if I wrote the URL of my site ending with myFile.JSP [ JSP in Capital letters] the page not opened ! , but the server offered me to download the file it self ! ..Which I don#8217;t want any user knows this property to download my own source-code jsp files! 2) My application is depend on a password authentication , which I don#8217;t want any cracker to keep trying usernames/passwords for many tries .. How should I tell the server to block an ip after 3 times tries [for example] and for how long this ip will be blocked! are thses problems related with the Apache server or Tomcat serve or both of them !!.. does anyone face like these problems ?! Java_lover : Walid -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Need Help plz
I'm using windoz and IIS5.0 with TC 4.0.3 and when I put in file.jsP and file.jsp exists I get a resource not found error then when I put in file.jsp it loads file.jsp -Original Message- From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 3:24 PM To: [EMAIL PROTECTED] Subject: Need Help plz Hi , i need help please in two subjects .. My problems are what configuration I should have to do in the server to prevent: 1) Prohibit downloading the *.jsp files from any client on the internet... [ I noticed that if I wrote the URL of my site ending with myFile.JSP [ JSP in Capital letters] the page not opened ! , but the server offered me to download the file it self ! ..Which I don#8217;t want any user knows this property to download my own source-code jsp files! 2) My application is depend on a password authentication , which I don#8217;t want any cracker to keep trying usernames/passwords for many tries .. How should I tell the server to block an ip after 3 times tries [for example] and for how long this ip will be blocked! are thses problems related with the Apache server or Tomcat serve or both of them !!.. does anyone face like these problems ?! Java_lover : Walid -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] ** The information contained in this e-mail is confidential and is intended only for the use of the addressee(s). If you receive this e-mail in error, any use, distribution or copying of this e-mail is not permitted. You are requested to forward unwanted e-mail and address any problems to the MIM Holdings Limited Support Centre. For general enquires: ++61 7 3833 8000 Support Centre e-mail: [EMAIL PROTECTED] Support Centre phone: Australia 1800500646 International ++61 7 38338042 ** -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Need Help plz
Hmm, well we don't really know what kind of environment Walid is using, so I can't say why he has that problem and you don't. The configuration for IIS may include filtering to protect against case problems, but I really can't say. I don't use IIS very much, and when I do it's with JRUN. --mikej -=- mike jackson [EMAIL PROTECTED] -Original Message- From: Nicholas Orr [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 4:19 PM To: 'Tomcat Users List' Subject: RE: Need Help plz I'm using windoz and IIS5.0 with TC 4.0.3 and when I put in file.jsP and file.jsp exists I get a resource not found error then when I put in file.jsp it loads file.jsp -Original Message- From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 3:24 PM To: [EMAIL PROTECTED] Subject: Need Help plz Hi , i need help please in two subjects .. My problems are what configuration I should have to do in the server to prevent: 1) Prohibit downloading the *.jsp files from any client on the internet... [ I noticed that if I wrote the URL of my site ending with myFile.JSP [ JSP in Capital letters] the page not opened ! , but the server offered me to download the file it self ! ..Which I don#8217;t want any user knows this property to download my own source-code jsp files! 2) My application is depend on a password authentication , which I don#8217;t want any cracker to keep trying usernames/passwords for many tries .. How should I tell the server to block an ip after 3 times tries [for example] and for how long this ip will be blocked! are thses problems related with the Apache server or Tomcat serve or both of them !!.. does anyone face like these problems ?! Java_lover : Walid -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] ** The information contained in this e-mail is confidential and is intended only for the use of the addressee(s). If you receive this e-mail in error, any use, distribution or copying of this e-mail is not permitted. You are requested to forward unwanted e-mail and address any problems to the MIM Holdings Limited Support Centre. For general enquires: ++61 7 3833 8000 Support Centre e-mail: [EMAIL PROTECTED] Support Centre phone: Australia 1800500646 International ++61 7 38338042 ** -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Need Help plz
Well it happens like that when I go straight to TC via http://localhost:8080 -Original Message- From: Mike Jackson [mailto:[EMAIL PROTECTED]] Sent: Friday, May 31, 2002 9:24 AM To: Tomcat Users List Subject: RE: Need Help plz Hmm, well we don't really know what kind of environment Walid is using, so I can't say why he has that problem and you don't. The configuration for IIS may include filtering to protect against case problems, but I really can't say. I don't use IIS very much, and when I do it's with JRUN. --mikej -=- mike jackson [EMAIL PROTECTED] -Original Message- From: Nicholas Orr [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 4:19 PM To: 'Tomcat Users List' Subject: RE: Need Help plz I'm using windoz and IIS5.0 with TC 4.0.3 and when I put in file.jsP and file.jsp exists I get a resource not found error then when I put in file.jsp it loads file.jsp -Original Message- From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 3:24 PM To: [EMAIL PROTECTED] Subject: Need Help plz Hi , i need help please in two subjects .. My problems are what configuration I should have to do in the server to prevent: 1) Prohibit downloading the *.jsp files from any client on the internet... [ I noticed that if I wrote the URL of my site ending with myFile.JSP [ JSP in Capital letters] the page not opened ! , but the server offered me to download the file it self ! ..Which I don#8217;t want any user knows this property to download my own source-code jsp files! 2) My application is depend on a password authentication , which I don#8217;t want any cracker to keep trying usernames/passwords for many tries .. How should I tell the server to block an ip after 3 times tries [for example] and for how long this ip will be blocked! are thses problems related with the Apache server or Tomcat serve or both of them !!.. does anyone face like these problems ?! Java_lover : Walid -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] ** The information contained in this e-mail is confidential and is intended only for the use of the addressee(s). If you receive this e-mail in error, any use, distribution or copying of this e-mail is not permitted. You are requested to forward unwanted e-mail and address any problems to the MIM Holdings Limited Support Centre. For general enquires: ++61 7 3833 8000 Support Centre e-mail: [EMAIL PROTECTED] Support Centre phone: Australia 1800500646 International ++61 7 38338042 ** -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Need Help plz
You probably wouldn't have this problem if you used apache I think, if the apache module does checking then it'll probably figure out that since the The response (to you and Mr. Nicholas Orr) is simply that you I guess you're both right, but I am a firm believer in Tomcat standalone in many situations. This here is a bit of a problem, one that I didn't think of before since Apache is smart about this. I made the ridiculous assumption that Tomcat was equally perceptive (not a crack at Tomcat, just a small grumble). Fault in my brain: Tomcat == Apache Project == same case-sensitivity awareness cheers fillup On 5/30/02 4:15 PM, Mike Jackson [EMAIL PROTECTED] wrote: You probably wouldn't have this problem if you used apache I think, if the apache module does checking then it'll probably figure out that since the *.jsp file is just that a *.jsp file and if you're using mod_jk or probably mod_webapp (I haven't used this yet), it'll see in it's config that its supposed to hand those over to tomcat. But then again I could be wrong, I don't have one of those environments to play with. --mikej -=- mike jackson [EMAIL PROTECTED] -Original Message- From: Phillip Morelock [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 3:57 PM To: Tomcat Users List Subject: Re: Need Help plz 1) Get off of windows :) Excellent point (just kidding) but actually, thanks for pointing the case-problem-fix out. This also happens on Mac OS X (which has a case-respecting, case-insensitive filesystem that annoys me frequently when working in the Unix side). Apple distributes an Apache module which fixes the associated security problems for httpd, but I didn't even think to check this under Tomcat. Good thing I only deploy on Linux. ;) So, Mac OS X users beware. I wonder how receptive the Tomcat committers would be to patches / automatically enabled workarounds for resolving / protecting against this issue. cheers fillup On 5/30/02 3:43 PM, Mike Jackson [EMAIL PROTECTED] wrote: 1) Get off of windows :) Or add the following to web.xml under $TOMCAT_HOME/conf, unless I'm mistaken that should cover all of the possible miss-cases of jsp. servlet-mapping servlet-namejsp/servlet-name url-pattern*.Jsp/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.JSp/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.JsP/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.JSP/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.jSp/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.jSP/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.jsP/url-pattern /servlet-mapping 2) You'll probably have to do this in your application I think. If it were me I'd create a singleton class that stored a list of login attempts with ip address of the source, and prior to allowing some client to attempt login I'd check the list. --mikej -=- mike jackson [EMAIL PROTECTED] -Original Message- From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 3:24 PM To: [EMAIL PROTECTED] Subject: Need Help plz Hi , i need help please in two subjects .. My problems are what configuration I should have to do in the server to prevent: 1) Prohibit downloading the *.jsp files from any client on the internet... [ I noticed that if I wrote the URL of my site ending with myFile.JSP [ JSP in Capital letters] the page not opened ! , but the server offered me to download the file it self ! ..Which I don#8217;t want any user knows this property to download my own source-code jsp files! 2) My application is depend on a password authentication , which I don#8217;t want any cracker to keep trying usernames/passwords for many tries .. How should I tell the server to block an ip after 3 times tries [for example] and for how long this ip will be blocked! are thses problems related with the Apache server or Tomcat serve or both of them !!.. does anyone face like these problems ?! Java_lover : Walid -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Need Help plz
Hmm, I still have no clue, but if if you did have this problem then the mapping statements would eliminate the problem. Tomcat-4+ may not have this issue. Perhaps Walid is using 3, but I really have no clue. --mikej -=- mike jackson [EMAIL PROTECTED] -Original Message- From: Nicholas Orr [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 4:27 PM To: 'Tomcat Users List' Subject: RE: Need Help plz Well it happens like that when I go straight to TC via http://localhost:8080 -Original Message- From: Mike Jackson [mailto:[EMAIL PROTECTED]] Sent: Friday, May 31, 2002 9:24 AM To: Tomcat Users List Subject: RE: Need Help plz Hmm, well we don't really know what kind of environment Walid is using, so I can't say why he has that problem and you don't. The configuration for IIS may include filtering to protect against case problems, but I really can't say. I don't use IIS very much, and when I do it's with JRUN. --mikej -=- mike jackson [EMAIL PROTECTED] -Original Message- From: Nicholas Orr [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 4:19 PM To: 'Tomcat Users List' Subject: RE: Need Help plz I'm using windoz and IIS5.0 with TC 4.0.3 and when I put in file.jsP and file.jsp exists I get a resource not found error then when I put in file.jsp it loads file.jsp -Original Message- From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 3:24 PM To: [EMAIL PROTECTED] Subject: Need Help plz Hi , i need help please in two subjects .. My problems are what configuration I should have to do in the server to prevent: 1) Prohibit downloading the *.jsp files from any client on the internet... [ I noticed that if I wrote the URL of my site ending with myFile.JSP [ JSP in Capital letters] the page not opened ! , but the server offered me to download the file it self ! ..Which I don#8217;t want any user knows this property to download my own source-code jsp files! 2) My application is depend on a password authentication , which I don#8217;t want any cracker to keep trying usernames/passwords for many tries .. How should I tell the server to block an ip after 3 times tries [for example] and for how long this ip will be blocked! are thses problems related with the Apache server or Tomcat serve or both of them !!.. does anyone face like these problems ?! Java_lover : Walid -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] ** The information contained in this e-mail is confidential and is intended only for the use of the addressee(s). If you receive this e-mail in error, any use, distribution or copying of this e-mail is not permitted. You are requested to forward unwanted e-mail and address any problems to the MIM Holdings Limited Support Centre. For general enquires: ++61 7 3833 8000 Support Centre e-mail: [EMAIL PROTECTED] Support Centre phone: Australia 1800500646 International ++61 7 38338042 ** -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Need Help plz
Well, Mike ..i use a jakarta-tomcat [combined with Apache webserver] ver 4 under win2000 :) .. and remote site work well when as i told addressing it by *.jsp [small letters] the problem came when i use *.JSP [ capital ] the browser offered me to download the jsp file .. i hope the web.xml cofiguration you told me about will solve the problem [ this msg just for clearity between Nicholas's problem mine ] Nicholas Orr writes: I'm using windoz and IIS5.0 with TC 4.0.3 and when I put in file.jsP and file.jsp exists I get a resource not found error then when I put in file.jsp it loads file.jsp -Original Message- From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 3:24 PM To: [EMAIL PROTECTED] Subject: Need Help plz Hi , i need help please in two subjects .. My problems are what configuration I should have to do in the server to prevent: 1) Prohibit downloading the *.jsp files from any client on the internet... [ I noticed that if I wrote the URL of my site ending with myFile.JSP [ JSP in Capital letters] the page not opened ! , but the server offered me to download the file it self ! ..Which I don#8217;t want any user knows this property to download my own source-code jsp files! 2) My application is depend on a password authentication , which I don#8217;t want any cracker to keep trying usernames/passwords for many tries .. How should I tell the server to block an ip after 3 times tries [for example] and for how long this ip will be blocked! are thses problems related with the Apache server or Tomcat serve or both of them !!.. does anyone face like these problems ?! Java_lover : Walid -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] ** The information contained in this e-mail is confidential and is intended only for the use of the addressee(s). If you receive this e-mail in error, any use, distribution or copying of this e-mail is not permitted. You are requested to forward unwanted e-mail and address any problems to the MIM Holdings Limited Support Centre. For general enquires: ++61 7 3833 8000 Support Centre e-mail:[EMAIL PROTECTED] Support Centre phone: Australia 1800500646 International ++61 7 38338042 ** -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] Walid Al-Abbadi -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Need Help plz
You might have to do some configuration in the iis - tomcat connector stuff, I know in apache-tomcat (which is what I use under various unix flavors) there's a need to put in the mod_jk.conf file a directive that says to pass the request to tomcat for this file pattern (looks like this JkMount /*.jsp ajp13). Then the mapping will take effect in the web.xml. Personally I'm playing around with *.xsql files (oracle's xsql servlet), and I found that it didn't matter what the mapping was in the web.xml under the WEB-INF unless I had that mapping also in the mod_jk.conf file. But your mileage may vary, some assembly required, batteries not included. :) --mikej -=- mike jackson [EMAIL PROTECTED] -Original Message- From: Walid Mohammed [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 4:34 PM To: Tomcat Users List Subject: Re: Need Help plz Well, Mike ..i use a jakarta-tomcat [combined with Apache webserver] ver 4 under win2000 :) .. and remote site work well when as i told addressing it by *.jsp [small letters] the problem came when i use *.JSP [ capital ] the browser offered me to download the jsp file .. i hope the web.xml cofiguration you told me about will solve the problem [ this msg just for clearity between Nicholas's problem mine ] Nicholas Orr writes: I'm using windoz and IIS5.0 with TC 4.0.3 and when I put in file.jsP and file.jsp exists I get a resource not found error then when I put in file.jsp it loads file.jsp -Original Message- From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 3:24 PM To: [EMAIL PROTECTED] Subject: Need Help plz Hi , i need help please in two subjects .. My problems are what configuration I should have to do in the server to prevent: 1) Prohibit downloading the *.jsp files from any client on the internet... [ I noticed that if I wrote the URL of my site ending with myFile.JSP [ JSP in Capital letters] the page not opened ! , but the server offered me to download the file it self ! ..Which I don#8217;t want any user knows this property to download my own source-code jsp files! 2) My application is depend on a password authentication , which I don#8217;t want any cracker to keep trying usernames/passwords for many tries .. How should I tell the server to block an ip after 3 times tries [for example] and for how long this ip will be blocked! are thses problems related with the Apache server or Tomcat serve or both of them !!.. does anyone face like these problems ?! Java_lover : Walid -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] ** The information contained in this e-mail is confidential and is intended only for the use of the addressee(s). If you receive this e-mail in error, any use, distribution or copying of this e-mail is not permitted. You are requested to forward unwanted e-mail and address any problems to the MIM Holdings Limited Support Centre. For general enquires: ++61 7 3833 8000 Support Centre e-mail:[EMAIL PROTECTED] Support Centre phone: Australia 1800500646 International ++61 7 38338042 ** -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] Walid Al-Abbadi -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Need Help plz
Oops, perhaps I should have read that a bit more clearly, I think you'll definately need to tell apache to forward the requests for the various cases of jsp to tomcat. IIS may do something like the apache module that apple puts out or something, I have no idea. --mikej -=- mike jackson [EMAIL PROTECTED] -Original Message- From: Walid Mohammed [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 4:34 PM To: Tomcat Users List Subject: Re: Need Help plz Well, Mike ..i use a jakarta-tomcat [combined with Apache webserver] ver 4 under win2000 :) .. and remote site work well when as i told addressing it by *.jsp [small letters] the problem came when i use *.JSP [ capital ] the browser offered me to download the jsp file .. i hope the web.xml cofiguration you told me about will solve the problem [ this msg just for clearity between Nicholas's problem mine ] Nicholas Orr writes: I'm using windoz and IIS5.0 with TC 4.0.3 and when I put in file.jsP and file.jsp exists I get a resource not found error then when I put in file.jsp it loads file.jsp -Original Message- From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 3:24 PM To: [EMAIL PROTECTED] Subject: Need Help plz Hi , i need help please in two subjects .. My problems are what configuration I should have to do in the server to prevent: 1) Prohibit downloading the *.jsp files from any client on the internet... [ I noticed that if I wrote the URL of my site ending with myFile.JSP [ JSP in Capital letters] the page not opened ! , but the server offered me to download the file it self ! ..Which I don#8217;t want any user knows this property to download my own source-code jsp files! 2) My application is depend on a password authentication , which I don#8217;t want any cracker to keep trying usernames/passwords for many tries .. How should I tell the server to block an ip after 3 times tries [for example] and for how long this ip will be blocked! are thses problems related with the Apache server or Tomcat serve or both of them !!.. does anyone face like these problems ?! Java_lover : Walid -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] ** The information contained in this e-mail is confidential and is intended only for the use of the addressee(s). If you receive this e-mail in error, any use, distribution or copying of this e-mail is not permitted. You are requested to forward unwanted e-mail and address any problems to the MIM Holdings Limited Support Centre. For general enquires: ++61 7 3833 8000 Support Centre e-mail:[EMAIL PROTECTED] Support Centre phone: Australia 1800500646 International ++61 7 38338042 ** -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] Walid Al-Abbadi -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Need Help plz
so how should i told Appache to do that ?!.. you mean changing configurations or sending mails to Appache group ?! Mike Jackson writes: Oops, perhaps I should have read that a bit more clearly, I think you'll definately need to tell apache to forward the requests for the various cases of jsp to tomcat. IIS may do something like the apache module that apple puts out or something, I have no idea. --mikej -=- mike jackson [EMAIL PROTECTED] -Original Message- From: Walid Mohammed [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 4:34 PM To: Tomcat Users List Subject: Re: Need Help plz Well, Mike ..i use a jakarta-tomcat [combined with Apache webserver] ver 4 under win2000 :) .. and remote site work well when as i told addressing it by *.jsp [small letters] the problem came when i use *.JSP [ capital ] the browser offered me to download the jsp file .. i hope the web.xml cofiguration you told me about will solve the problem [ this msg just for clearity between Nicholas's problem mine ] Nicholas Orr writes: I'm using windoz and IIS5.0 with TC 4.0.3 and when I put in file.jsP and file.jsp exists I get a resource not found error then when I put in file.jsp it loads file.jsp -Original Message- From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 3:24 PM To: [EMAIL PROTECTED] Subject: Need Help plz Hi , i need help please in two subjects .. My problems are what configuration I should have to do in the server to prevent: 1) Prohibit downloading the *.jsp files from any client on the internet... [ I noticed that if I wrote the URL of my site ending with myFile.JSP [ JSP in Capital letters] the page not opened ! , but the server offered me to download the file it self ! ..Which I don#8217;t want any user knows this property to download my own source-code jsp files! 2) My application is depend on a password authentication , which I don#8217;t want any cracker to keep trying usernames/passwords for many tries .. How should I tell the server to block an ip after 3 times tries [for example] and for how long this ip will be blocked! are thses problems related with the Apache server or Tomcat serve or both of them !!.. does anyone face like these problems ?! Java_lover : Walid -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] ** The information contained in this e-mail is confidential and is intended only for the use of the addressee(s). If you receive this e-mail in error, any use, distribution or copying of this e-mail is not permitted. You are requested to forward unwanted e-mail and address any problems to the MIM Holdings Limited Support Centre. For general enquires: ++61 7 3833 8000 Support Centre e-mail: [EMAIL PROTECTED] Support Centre phone: Australia 1800500646 International ++61 7 38338042 ** -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] Walid Al-Abbadi -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] Walid Al-Abbadi -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Need Help plz
No in the mod_jk config file, but that'll vary depending on what connector you're using. --mikej -=- mike jackson [EMAIL PROTECTED] -Original Message- From: Walid Mohammed [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 4:47 PM To: Tomcat Users List Subject: Re: Need Help plz so how should i told Appache to do that ?!.. you mean changing configurations or sending mails to Appache group ?! Mike Jackson writes: Oops, perhaps I should have read that a bit more clearly, I think you'll definately need to tell apache to forward the requests for the various cases of jsp to tomcat. IIS may do something like the apache module that apple puts out or something, I have no idea. --mikej -=- mike jackson [EMAIL PROTECTED] -Original Message- From: Walid Mohammed [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 4:34 PM To: Tomcat Users List Subject: Re: Need Help plz Well, Mike ..i use a jakarta-tomcat [combined with Apache webserver] ver 4 under win2000 :) .. and remote site work well when as i told addressing it by *.jsp [small letters] the problem came when i use *.JSP [ capital ] the browser offered me to download the jsp file .. i hope the web.xml cofiguration you told me about will solve the problem [ this msg just for clearity between Nicholas's problem mine ] Nicholas Orr writes: I'm using windoz and IIS5.0 with TC 4.0.3 and when I put in file.jsP and file.jsp exists I get a resource not found error then when I put in file.jsp it loads file.jsp -Original Message- From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 3:24 PM To: [EMAIL PROTECTED] Subject: Need Help plz Hi , i need help please in two subjects .. My problems are what configuration I should have to do in the server to prevent: 1) Prohibit downloading the *.jsp files from any client on the internet... [ I noticed that if I wrote the URL of my site ending with myFile.JSP [ JSP in Capital letters] the page not opened ! , but the server offered me to download the file it self ! ..Which I don#8217;t want any user knows this property to download my own source-code jsp files! 2) My application is depend on a password authentication , which I don#8217;t want any cracker to keep trying usernames/passwords for many tries .. How should I tell the server to block an ip after 3 times tries [for example] and for how long this ip will be blocked! are thses problems related with the Apache server or Tomcat serve or both of them !!.. does anyone face like these problems ?! Java_lover : Walid -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] ** The information contained in this e-mail is confidential and is intended only for the use of the addressee(s). If you receive this e-mail in error, any use, distribution or copying of this e-mail is not permitted. You are requested to forward unwanted e-mail and address any problems to the MIM Holdings Limited Support Centre. For general enquires: ++61 7 3833 8000 Support Centre e-mail:[EMAIL PROTECTED] Support Centre phone: Australia 1800500646 International ++61 7 38338042 ** -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] Walid Al-Abbadi -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] Walid Al-Abbadi -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Need Help plz
i couldn't find that mod_jk file !..and what do you mean by connector !? Mike Jackson writes: No in the mod_jk config file, but that'll vary depending on what connector you're using. --mikej -=- mike jackson [EMAIL PROTECTED] -Original Message- From: Walid Mohammed [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 4:47 PM To: Tomcat Users List Subject: Re: Need Help plz so how should i told Appache to do that ?!.. you mean changing configurations or sending mails to Appache group ?! Mike Jackson writes: Oops, perhaps I should have read that a bit more clearly, I think you'll definately need to tell apache to forward the requests for the various cases of jsp to tomcat. IIS may do something like the apache module that apple puts out or something, I have no idea. --mikej -=- mike jackson [EMAIL PROTECTED] -Original Message- From: Walid Mohammed [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 4:34 PM To: Tomcat Users List Subject: Re: Need Help plz Well, Mike ..i use a jakarta-tomcat [combined with Apache webserver] ver 4 under win2000 :) .. and remote site work well when as i told addressing it by *.jsp [small letters] the problem came when i use *.JSP [ capital ] the browser offered me to download the jsp file .. i hope the web.xml cofiguration you told me about will solve the problem [ this msg just for clearity between Nicholas's problem mine ] Nicholas Orr writes: I'm using windoz and IIS5.0 with TC 4.0.3 and when I put in file.jsP and file.jsp exists I get a resource not found error then when I put in file.jsp it loads file.jsp -Original Message- From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 3:24 PM To: [EMAIL PROTECTED] Subject: Need Help plz Hi , i need help please in two subjects .. My problems are what configuration I should have to do in the server to prevent: 1) Prohibit downloading the *.jsp files from any client on the internet... [ I noticed that if I wrote the URL of my site ending with myFile.JSP [ JSP in Capital letters] the page not opened ! , but the server offered me to download the file it self ! ..Which I don#8217;t want any user knows this property to download my own source-code jsp files! 2) My application is depend on a password authentication , which I don#8217;t want any cracker to keep trying usernames/passwords for many tries .. How should I tell the server to block an ip after 3 times tries [for example] and for how long this ip will be blocked! are thses problems related with the Apache server or Tomcat serve or both of them !!.. does anyone face like these problems ?! Java_lover : Walid -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] ** The information contained in this e-mail is confidential and is intended only for the use of the addressee(s). If you receive this e-mail in error, any use, distribution or copying of this e-mail is not permitted. You are requested to forward unwanted e-mail and address any problems to the MIM Holdings Limited Support Centre. For general enquires: ++61 7 3833 8000 Support Centre e-mail: [EMAIL PROTECTED] Support Centre phone: Australia 1800500646 International ++61 7 38338042 ** -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] Walid Al-Abbadi -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] Walid Al-Abbadi -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e
RE: Need Help plz
mod_jk, mod_jserv or mod_webapp, they are the glue that allows tomcat to respond for the jsp and servlets and allows apache to serve all the static content (pictures, html files, etc). If you're running apache and tomcat then you've got to be using one of them unless you are putting a different port in all the href's and form action's that point to tomcat. If you don't know what you're running, then you can go to netcraft (www.netcraft.com) and find out what it thinks you're running on your web server. Generally if you're running a java environment under apache it'll tell you what connector you're using. At least it does in my experience. If you're using mod_jserv or mod_webapp you're going to have to look to someone else for assistance, I haven't played with jserv in ages (and don't want to again) and haven't looked at webapp yet, as I'm only using tomcat 3.x. --mikej -=- mike jackson [EMAIL PROTECTED] -Original Message- From: Walid Mohammed [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 5:06 PM To: Tomcat Users List Subject: Re: Need Help plz i couldn't find that mod_jk file !..and what do you mean by connector !? Mike Jackson writes: No in the mod_jk config file, but that'll vary depending on what connector you're using. --mikej -=- mike jackson [EMAIL PROTECTED] -Original Message- From: Walid Mohammed [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 4:47 PM To: Tomcat Users List Subject: Re: Need Help plz so how should i told Appache to do that ?!.. you mean changing configurations or sending mails to Appache group ?! Mike Jackson writes: Oops, perhaps I should have read that a bit more clearly, I think you'll definately need to tell apache to forward the requests for the various cases of jsp to tomcat. IIS may do something like the apache module that apple puts out or something, I have no idea. --mikej -=- mike jackson [EMAIL PROTECTED] -Original Message- From: Walid Mohammed [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 4:34 PM To: Tomcat Users List Subject: Re: Need Help plz Well, Mike ..i use a jakarta-tomcat [combined with Apache webserver] ver 4 under win2000 :) .. and remote site work well when as i told addressing it by *.jsp [small letters] the problem came when i use *.JSP [ capital ] the browser offered me to download the jsp file .. i hope the web.xml cofiguration you told me about will solve the problem [ this msg just for clearity between Nicholas's problem mine ] Nicholas Orr writes: I'm using windoz and IIS5.0 with TC 4.0.3 and when I put in file.jsP and file.jsp exists I get a resource not found error then when I put in file.jsp it loads file.jsp -Original Message- From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 3:24 PM To: [EMAIL PROTECTED] Subject: Need Help plz Hi , i need help please in two subjects .. My problems are what configuration I should have to do in the server to prevent: 1) Prohibit downloading the *.jsp files from any client on the internet... [ I noticed that if I wrote the URL of my site ending with myFile.JSP [ JSP in Capital letters] the page not opened ! , but the server offered me to download the file it self ! ..Which I don#8217;t want any user knows this property to download my own source-code jsp files! 2) My application is depend on a password authentication , which I don#8217;t want any cracker to keep trying usernames/passwords for many tries .. How should I tell the server to block an ip after 3 times tries [for example] and for how long this ip will be blocked! are thses problems related with the Apache server or Tomcat serve or both of them !!.. does anyone face like these problems ?! Java_lover : Walid -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED
