On 25/11/2009 16:47, Nikolay Diulgerov wrote:
Try

  <Location /myapp/WEB-INF>
    AllowOverride None
    deny from all
  </Location>

Probably a better solution would be:

  <LocationMatch /*/WEB-INF/>
    AllowOverride None
    deny from all
  </LocationMatch>

  <LocationMatch /*/META-INF/>
    AllowOverride None
    deny from all
  </LocationMatch>

... but we're really just guessing what config is already in place - maybe the mod_jk / mod_proxy config could be adjusted instead.

Correcting a poor/broken config is a much better solution than attempting, blindly, to stick bandages on an unknown setup.


p


-----Original Message-----
From: Jonathan Mast [mailto:jhmast.develo...@gmail.com]
Sent: Wednesday, November 25, 2009 6:40 PM
To: Tomcat Users List; p...@pidster.com
Subject: Re: Preventing httpd from accessing WEB-INF contents

Yes, I am keeping all the web-app stuff in place.  I don't have the time
to re-architect my entire system to your suggested format.

I really need to just prevent httpd from accessing anything with "WEB-INF"
in the url.

On Wed, Nov 25, 2009 at 11:21 AM, Pid<p...@pidster.com>  wrote:

On 25/11/2009 16:13, Jonathan Mast wrote:

Can someone please provide the magical httpd config-cantation that will
block httpd from accessing anything in WEB-INF directories?

I need something that will apply globally and can't be overridden by
VirtualHost directives.  I've dug around the httpd config documentation and
I'm just not understanding it, everything I've tried just hasn't worked.

thanks

httpd 2.2
Tomcat 6.0


At a guess, I'd say you've published, via HTTPD, the web application
directory.

This is one of the reasons we advise users not to publish webapp directories
via HTTPD.  Using a separate webapps and document root is advisable.

E.g.

  /path/to/site.com/httpdocs
  /path/to/site.com/httpdocs/index.html
  /path/to/site.com/httpdocs/images/
  /path/to/site.com/httpdocs/scripts/

  /path/to/site.com/webapps
  /path/to/site.com/webapps/ROOT
  /path/to/site.com/webapps/myapp


If this isn't the case, you'll have to supply information about your
mod_jk / mod_proxy config so we can see what you're doing.


p

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
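
Added example (not code from any poster in this thread): a Python check of which request paths the `/*/WEB-INF/` and `/*/META-INF/` LocationMatch patterns above actually cover, compared with a stricter pattern. The stricter pattern, the sample paths and the helper names are assumptions made for illustration, and `re.search` is assumed to mirror httpd's unanchored regex matching.

```python
import re

# Patterns from the thread's <LocationMatch> blocks; httpd applies them
# unanchored, which re.search is assumed to mirror here.
THREAD_PATTERNS = [r"/*/WEB-INF/", r"/*/META-INF/"]

# Hypothetical stricter pattern (an assumption, not from the thread):
# case-insensitive, and also matches the bare directory name.
STRICT_PATTERNS = [r"(?i)/(WEB-INF|META-INF)(/|$)"]

# Constructed sample request paths, taken as already decoded and normalised.
SAMPLE_PATHS = [
    "/myapp/index.jsp",
    "/myapp/WEB-INF/web.xml",
    "/myapp/META-INF/context.xml",
    "/myapp/WEB-INF",                   # directory without trailing slash
    "/myapp/web-inf/web.xml",           # matters on case-insensitive filesystems
    "/WEB-INF/classes/app.properties",
    "/myapp/docs/WEB-INF-howto.html",   # legitimate page, must stay reachable
]

def is_denied(path, patterns):
    """True if any pattern matches anywhere in the path."""
    return any(re.search(p, path) for p in patterns)

def coverage_gaps(paths, baseline, candidate):
    """Paths the candidate rule set denies but the baseline lets through."""
    return [p for p in paths
            if is_denied(p, candidate) and not is_denied(p, baseline)]

def false_positives(paths, patterns, protected=("web-inf", "meta-inf")):
    """Denied paths that contain no protected directory as a path segment."""
    hits = []
    for p in paths:
        segments = [s.lower() for s in p.split("/")]
        if is_denied(p, patterns) and not any(s in protected for s in segments):
            hits.append(p)
    return hits

if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        print(f"{path:36} thread={is_denied(path, THREAD_PATTERNS)!s:5} "
              f"strict={is_denied(path, STRICT_PATTERNS)}")
    print("gaps:", coverage_gaps(SAMPLE_PATHS, THREAD_PATTERNS, STRICT_PATTERNS))
    print("false positives:", false_positives(SAMPLE_PATHS, STRICT_PATTERNS))
```

This only exercises the pattern logic; the deployed rule still needs confirming with real requests against the server, since mod_jk / mod_proxy mappings decide which handler sees the URL.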




