The feature of arbitrarily not serving content in the webapp is one that is not in high demand and isn't currently supported, other than removing the StaticInterceptor, as you have done.
I haven't tried the following, but you might try for each static page you want to serve: 1) Make a copy of the static page and rename it to end with ".jsp". 2) In the web.xml, add a servlet declaration for that JSP and add a servlet mapping that maps it to the old static file's name. Then remove the StaticInterceptor from the webapp. This way, only the static files you "map" get served. Note, this assumes all the static files you want to serve are HTML. HTH. Larry > -----Original Message----- > From: Lemke, Michael IZ/HZA-IE5 [mailto:[EMAIL PROTECTED] > Sent: Thursday, October 23, 2003 9:28 AM > To: 'Tomcat Users List' > Subject: RE: TC 3.3.1: How to disable static access to > *certain* directories? > > > > -----Original Message----- > > From: Larry Isaacs [mailto:[EMAIL PROTECTED] > > Sent: Thursday, October 23, 2003 3:07 PM > > To: Tomcat Users List > > Subject: RE: TC 3.3.1: How to disable static access to > > *certain* directories? > > > > > > > > > -----Original Message----- > > > From: Lemke, Michael IZ/HZA-IE5 [mailto:[EMAIL PROTECTED] > > > Sent: Thursday, October 23, 2003 8:04 AM > > > To: '[EMAIL PROTECTED]' > > > Subject: TC 3.3.1: How to disable static access to *certain* > > > directories? > > > > > > > > > I want to serve a few static pages with standalone tomcat > > > 3.3.1 (no apache etc). > > > I got that to work (<StaticInterceptor listings="false" />). > > > However, > > > it is still possible to access pages in other contexts if I > > > know the path: > > > > > > http://host.dom:4711/otherapplication/someknownpath/file.html > > > > > > But if I try > > > > > > http://host.dom:4711/otherapplication/WEB-INF/web.xml > > > > > > I get a 403 Forbidden. How can I make tomcat to return 403 > > (or 404) for > > > the first path as well? I just couldn't find anything in the docs > > > or google. > > > > You could delete file.html. That would result in a 404 > > error. > > Not good enough. There's stuff I can't take out. > > >If this > > isn't feasible, you need to explain why, so options as to how > > to "hide" it > > can be determined. > > Well, I simply don't want to serve anything that I don't need. > For the main application I don't need any static pages so I can > do without StaticInterceptor (done that). I don't want any files > to be available that might be placed there by mistake or otherwise. > Only the few pages under the `static' path should be accessible. > Simple security concerns - don't open more than what is necessary. > > Michael > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
