> You probably wouldn't have this problem if you used apache I think, if the > apache module does checking then it'll probably figure out that since the
The response (to you and Mr. Nicholas Orr) is simply that you I guess you're both right, but I am a firm believer in Tomcat standalone in many situations. This here is a bit of a problem, one that I didn't think of before since Apache is "smart" about this. I made the ridiculous assumption that Tomcat was equally perceptive (not a crack at Tomcat, just a small grumble). Fault in my brain: Tomcat == Apache Project == same case-sensitivity awareness cheers fillup On 5/30/02 4:15 PM, "Mike Jackson" <[EMAIL PROTECTED]> wrote: > You probably wouldn't have this problem if you used apache I think, if the > apache module does checking then it'll probably figure out that since the > *.jsp file is just that a *.jsp file and if you're using mod_jk or probably > mod_webapp (I haven't used this yet), it'll see in it's config that its > supposed to hand those over to tomcat. But then again I could be wrong, I > don't have one of those environments to play with. > > --mikej > -=----- > mike jackson > [EMAIL PROTECTED] > >> -----Original Message----- >> From: Phillip Morelock [mailto:[EMAIL PROTECTED]] >> Sent: Thursday, May 30, 2002 3:57 PM >> To: Tomcat Users List >> Subject: Re: Need Help plz >> >> >>> 1) Get off of windows :) >> >> Excellent point (just kidding) but actually, thanks for pointing the >> case-problem-fix out. >> >> This also happens on Mac OS X (which has a case-respecting, >> case-insensitive >> filesystem that annoys me frequently when working in the Unix >> side). Apple >> distributes an Apache module which fixes the associated security problems >> for httpd, but I didn't even think to check this under Tomcat. >> Good thing I >> only deploy on Linux. ;) >> >> So, Mac OS X users beware. >> >> I wonder how receptive the Tomcat committers would be to patches / >> automatically enabled workarounds for resolving / protecting against this >> issue. >> >> cheers >> fillup >> >> >> On 5/30/02 3:43 PM, "Mike Jackson" <[EMAIL PROTECTED]> wrote: >> >>> 1) Get off of windows :) >>> >>> Or add the following to web.xml under $TOMCAT_HOME/conf, unless I'm >>> mistaken that should cover all of the possible miss-cases of "jsp". >>> >>> <servlet-mapping> >>> <servlet-name>jsp</servlet-name> >>> <url-pattern>*.Jsp</url-pattern> >>> </servlet-mapping> >>> <servlet-mapping> >>> <servlet-name>jsp</servlet-name> >>> <url-pattern>*.JSp</url-pattern> >>> </servlet-mapping> >>> <servlet-mapping> >>> <servlet-name>jsp</servlet-name> >>> <url-pattern>*.JsP</url-pattern> >>> </servlet-mapping> >>> <servlet-mapping> >>> <servlet-name>jsp</servlet-name> >>> <url-pattern>*.JSP</url-pattern> >>> </servlet-mapping> >>> <servlet-mapping> >>> <servlet-name>jsp</servlet-name> >>> <url-pattern>*.jSp</url-pattern> >>> </servlet-mapping> >>> <servlet-mapping> >>> <servlet-name>jsp</servlet-name> >>> <url-pattern>*.jSP</url-pattern> >>> </servlet-mapping> >>> <servlet-mapping> >>> <servlet-name>jsp</servlet-name> >>> <url-pattern>*.jsP</url-pattern> >>> </servlet-mapping> >>> >>> 2) You'll probably have to do this in your application I think. >> If it were >>> me I'd create a singleton class that stored a list of login >> attempts with ip >>> address of the source, and prior to allowing some client to >> attempt login >>> I'd check the list. >>> >>> --mikej >>> -=----- >>> mike jackson >>> [EMAIL PROTECTED] >>> >>>> -----Original Message----- >>>> From: Walid Mohamed Al Abbadi [mailto:[EMAIL PROTECTED]] >>>> Sent: Thursday, May 30, 2002 3:24 PM >>>> To: [EMAIL PROTECTED] >>>> Subject: Need Help plz >>>> >>>> >>>> >>>> Hi , >>>> >>>> i need help please in two subjects .. My problems are what >>>> configuration I should have to do in the server to prevent: >>>> >>>> 1) Prohibit downloading the *.jsp files from any client on the >>>> internet... [ I noticed that if I wrote the URL of my site ending with >>>> myFile.JSP [ JSP in Capital letters] the page not opened ! , but the >>>> server offered me to download the file it self ! ..Which I >>>> don’t want >>>> any user knows this property to download my own source-code jsp files! >>>> >>>> 2) My application is depend on a password >> authentication , which >>>> I don’t want any cracker to keep trying usernames/passwords for >>>> many tries .. How should I tell the server to block an ip >> after 3 times >>>> tries [for example] and for how long this ip will be blocked! >>>> >>>> are thses problems related with the Apache server or Tomcat >>>> serve or both >>>> of them !!.. does anyone face like these problems ?! >>>> >>>> >>>> Java_lover : Walid >>>> >>>> -- >>>> To unsubscribe, e-mail: >>>> <mailto:[EMAIL PROTECTED]> >>>> For additional commands, e-mail: >>>> <mailto:[EMAIL PROTECTED]> >>>> >>> >>> >>> -- >>> To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> >> For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> >> > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
