> From: Robert Jacobson [mailto:robert.c.jacob...@nasa.gov] > Subject: deny access to directory
> I'm trying to deny access to the .svn directories for my > Tomcat 6.0.32 installation "Doctor, doctor, it hurts when I do this." This begs the question: why do you have .svn directories underneath your Tomcat installation? Sounds very much like a terribly flawed deployment strategy. Just don't do that. > I don't want Tomcat to return the content of any file in .svn/. The easiest fix is simply not to have any .svn directories in the Tomcat directory tree. > I tried the following in $TOMCAT_DIR/webapps/ROOT/WEB-INF/web.xml: That only protects the ROOT (default) webapp, not your erroneously deployed .svn one. The <url-pattern> is relative to the context path, it's not absolute. > Can someone please tell me why the above changes did > not work? They worked exactly as specified - read the servlet spec. > I'm puzzled why Tomcat is returning webapps/.svn/entries instead > of ROOT/.svn/entries? Because you have deployed a webapp named .svn, simply by its existence immediately under the <Host> appBase directory. The presence of the .svn webapp matches the /.svn URL, so it makes any similarly named directory under ROOT invisible. Again, read the servlet spec. The best fix is to simply remove the .svn directories. The Tomcat directory structure is not an appropriate place to keep a working copy from your source repository. I suppose you could try disabling auto-deployment, but that would be a kludge on top of a bad situation. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org