Make sure you configure apache to forbid access to any /WEB-INF/ and /META-INF/ directories. You also may want to forbid access to *.war files in your DocumentRoot.
If you use the lastest version of mod_jk 1.2 it will do this for you automatically if you use the JkAutoAlias config directive. Regards, Glenn Sigurđur Bjarnason wrote:
Hi all I am using apache 1.3 and tomcat 4.0.4 together I use apache to serve all the static content, witch I have a special directory for and Tomcat serve all the jsp and servlet stuff.. The question is.. is there any security risk if I Have the Apache DocumentRoot pointing straight to the webapps folder ?! ¨ Best Regards Siggi -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org
-- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>