I'm setting httpd & tomcat's doc roots to the same location because in my hosting setup users will be presented with /public_html directory in their home directory. They should be able to place cfml, php and static resources in the same location and have them served.
I realize this might not be ideal, but i can block requests to WEB-INF in my httpd.conf using a DirectoryMatch directive I changed the DocumentRoot of my vhost to "C:\temp" and restarted httpd. browsing to /CFIDE/administrator/index.cfm still serves up the files source, while all other urls are functioning correctly Chris 2009/10/30 André Warnier <a...@ice-sa.com> > Chris Blackwell wrote: > ... > > > >> <VirtualHost *:80> >> DocumentRoot "C:\Users\Chris\Documents\Eclipse Workspace\mysite" >> > > Bad idea, almost always... > > > ServerName mysite.dev >> >> ProxyPreserveHost On >> ProxyPassReverse / ajp://localhost:8009/ >> >> RewriteEngine On >> # If it's a CFML (*.cfc or *.cfm) request, just proxy it to Tomcat: >> RewriteRule ^(.+\.cf[cm])$ ajp://localhost:8009$1 [P] >> </VirtualHost> >> >> Ok so this seems to work, apart from one really annoying snag. in the >> coldfusion war theres a directory call CFIDE which contains amongst other >> things the administrator. I can browse to >> http://mysite.dev:8080/CFIDE/administrator/index.cfm and it happily shows >> me >> the login screen, however if it try to access that directory through >> apache >> it sends me the source code for the file. >> > > .. and that's why. > > > With your above RewriteRule, you are intercepting and proxying to Tomcat > /some/ URLs. The ones you are not intercepting and proxying with the rule, > go through to Apache, which serves them normally as files, using its > DocumentRoot as the base. > So, probably, if you request "http://yourhost/ROOT/WEB-INF/web.xml";, > you'll also see the contents of the file > (tomcat_dir)/webapps/ROOT/WEB-INF/web.xml, including anything in it that you > would not want users to see (passwords etc..). > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
