-Tim
Mario Winterer wrote:
Thanks David,
I think, your second suggestion will not work, because it is not possible to map a servlet or filter to "*/CVS/*". According to the servlet-specs, only filters of the form "anything/*" or "*.extension" are supported (and I really do not want to add a servlet-mapping for every single CVS directory).
I've already thought on a filter using regular expressions for filtering out certain requests. But I'm not sure if this is secure enough. Just think of "modified" request-urls using hex numbers for escaping ascii characters (e.g. ".../%43VS/..." instead of ".../CVS/..."). Are those urls normalized by tomcat, i.e. does request.getRequestURL() return ".../CVS/..." in both cases?
Tex
Just a thought or two --
1) Setup a request filter that detects when the URL contains the pattern CVS/ and redirects to a default or error page.
-or-
2) Setup a servlet mapping for any of the potential CVS URLs and have them map to a servlet that responds with an error or redirect.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]