Hi Chuck, In fact I don't have this files in my server. The thing is, whenever I invke URLs that matches /dwr/anyFile.java, I get a positive DWR answer, as if I had such files in my server. Whenever I run automated security test tools like Paros Proxy, many issues regarding these problems are pointed out... I just want to be sure that these kind of requests are rejected.
Thanks! -----Mensagem original----- De: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 18 de maio de 2007 16:59 Para: Tomcat Users List Assunto: RE: Prevent unwanted requests > From: Milanez, Marcus [mailto:[EMAIL PROTECTED] > Subject: Prevent unwanted requests > > Is it possible to prevent the request os unwatned extensions, like > *.bak, *.java and so on, through web.xml file? The real question is: Why do have .java, etc., files in accessible locations? If you keep such files under WEB-INF, they're guaranteed to be inaccessible. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]