If you are using apache as front end then ....
<LocationMatch (.*)/WEB-INF/(.*)>
Deny from All
</LocationMatch>
Regards
guru
-----Original Message-----
From: Scott Purcell [mailto:[EMAIL PROTECTED]
Sent: 31 August 2005 16:24
To: tomcat-user@jakarta.apache.org
Subject: Users Can See root files
Hello,
I was showing someone my website the other day, and when they started
playing with the URL, they could see the jsp files, html files, and files
under the WEB-INF directory.
Is created a <welcome-file-list> in the web.xml, but I guess if someone
plays with the url and tries to get a look at the files that does not help.
How does one shut down all access to anything from a url
Thanks
Scott
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
