If you are using apache as front end then .... <LocationMatch (.*)/WEB-INF/(.*)> Deny from All </LocationMatch>
Regards guru -----Original Message----- From: Scott Purcell [mailto:[EMAIL PROTECTED] Sent: 31 August 2005 16:24 To: tomcat-user@jakarta.apache.org Subject: Users Can See root files Hello, I was showing someone my website the other day, and when they started playing with the URL, they could see the jsp files, html files, and files under the WEB-INF directory. Is created a <welcome-file-list> in the web.xml, but I guess if someone plays with the url and tries to get a look at the files that does not help. How does one shut down all access to anything from a url Thanks Scott --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]