This did the work with Apache. I was trying to get rid of the semicolon but this seems better.
<LocationMatch "/.+"> AllowOverride None Order deny,allow Deny from all Allow from none </LocationMatch> Now I have to decide between a tomcat 404 or an apache access denied Thanks again Leo On 12/18/06, Leo Gil <[EMAIL PROTECTED]> wrote:
After hunting this problem down I found an easy fix on tomcat. So easy that upsets me... Just setting listings to false did the trick on web.xml <init-param> <param-name>listings</param-name> <param-value>false</param-value> </init-param> I'm going to try LocationMatch it's better than displaying a tomcat 404 Thanks for your help Leo On 12/18/06, Nick Kew < [EMAIL PROTECTED]> wrote: > > On Mon, 18 Dec 2006 18:26:06 -0500 > "Leo Gil" < [EMAIL PROTECTED]> wrote: > > > Hi all, > > > > I have been trying to block the Tomcat directory listing vulnerability > > using Apache's Directory with no success. > > No chance. <Directory> applies to local files, not anything > served by tomcat. You want <LocationMatch>. > > > -- > Nick Kew > > Application Development with Apache - the Apache Modules Book > http://www.apachetutor.org/ > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server > Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >