yes I am keeping the all the web-app stuff in place. I don't have the time to re-architect my entire system to your suggested format.
I really need to just prevent httpd from accessing anything with "WEB-INF" in the url. On Wed, Nov 25, 2009 at 11:21 AM, Pid <p...@pidster.com> wrote: > On 25/11/2009 16:13, Jonathan Mast wrote: > >> Can someone please provide the magical httpd config-cantation that will >> block httpd from accessing anything in WEB-INF directories? >> >> I need something that will be apply globally and can't be overridden by >> VirtualHost directives. I've dug around the httpd config documentation >> and >> I'm just not understanding it, everything I've tried just hasn't worked. >> >> thanks >> >> httpd 2.2 >> Tomcat 6.0 >> >> > At a guess, I'd say you've published, via HTTPD, the web application > directory. > > This is one of the reasons we advise users not publish webapp directories > via HTTPD. Using a separate webapps and document root is advisable. > > E.g. > > /path/to/site.com/httpdocs > /path/to/site.com/httpdocs/index.html > /path/to/site.com/httpdocs/images/ > /path/to/site.com/httpdocs/scripts/ > > /path/to/site.com/webapps > /path/to/site.com/webapps/ROOT > /path/to/site.com/webapps/myapp > > > If this isn't the case, you'll have to supply information about your mod_jk > / mod_proxy config so we can see what you're doing. > > > p > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >