From: "David Smith" <[EMAIL PROTECTED]>
The servlet spec (and tomcat is spec compliant) forbids the client
direct access to anything in WEB-INF.
I can think of two possibilities for what you are seeing:
1) You have Apache or IIS in front of this serving out static content.
In that case, do what
The servlet spec (and tomcat is spec compliant) forbids the client
direct access to anything in WEB-INF. I can think of two possibilities
for what you are seeing:
1) You have Apache or IIS in front of this serving out static content.
In that case, do what others have suggested and configure Apac
If you are using apache as front end then
Deny from All
Regards
guru
-Original Message-
From: Scott Purcell [mailto:[EMAIL PROTECTED]
Sent: 31 August 2005 16:24
To: tomcat-user@jakarta.apache.org
Subject: Users Can See root files
Hello,
I was showing someone my websit
> From: Scott Purcell [mailto:[EMAIL PROTECTED]
> Subject: Users Can See root files
>
> Is created a in the web.xml, but I guess
> if someone plays with the url and tries to get a look at the
> files that does not help.
Look here:
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/default-servle
Change the listings parameter value in the %CATALINA_HOME%/conf/web.xml to
false. IE:
.
.
.
listings
false
This should turn off the file listings so that users should not be able to
navigate.
Robert S. Harper
Information Access Technology, Inc.
-Or