DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25367>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25367 SECURITY requests for jsp pages bypass apache AuthUserFile directive Summary: SECURITY requests for jsp pages bypass apache AuthUserFile directive Product: Tomcat 4 Version: 4.1.18 Platform: PC OS/Version: Linux Status: NEW Severity: Major Priority: Other Component: Connector:JK/AJP (deprecated) AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] I have this in my apache config: <Directory "/local/webapps/wa"> AuthType Basic AuthName "wa" AuthUserFile /usr/local/apache2/passwd/wa require user admins </Directory> This will block requests for html files, even /server-status, but not jsps. I'm using jk connector 1.2.5 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]