OK, but what would be the better way (of life) for this?
HTTPD vhost.conf:
<VirtualHost 192.168.100.40:80>
ServerAdmin xxx@yyy
DocumentRoot "D:/www/apps/app1/ROOT"
<Directory "D:/www/apps/app1/ROOT">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
...
</VirtualHost>
Server.xml:
<Host name="app1" appBase="D:/www/apps/app1/">
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="app1_access_log." suffix=".txt" pattern="common"
resolveHosts="false"/>
</Host>
ROOT.xml in /conf/
<?xml version="1.0" encoding="UTF-8"?>
<Context docBase="D:/www/apps/app1/ROOT" privileged="true"
reloadable="true" unpackWAR="true" antiJARLocking="true">
<Resource name="jdbc/jTDS"
auth="Container"
type="javax.sql.DataSource"
maxActive="100"
maxIdle="30"
maxWait="10000"
username="xxx"
password="xxx"
removeAbandoned="true"
removeAbandonedTimeout="60"
logAbandoned="true"
driverClassName="net.sourceforge.jtds.jdbc.Driver"
url="jdbc:jtds:sqlserver://db:1433/xxxx;charset=UTF-8"
/>
</Context>
Greetings
Alexander
-----Original Message-----
From: Pid [mailto:[email protected]]
Sent: Tuesday, 8 November 2011 16:21
To: Tomcat Users List
Subject: Re: AW: mod_jk - Browser displays HTML Sourcecode
On 08/11/2011 15:12, Alexander Diedler wrote:
> Hello
>
>> That most probably means that the URL mappings for mod_jk are not
>> correct, and that Apache httpd is serving that content directly.
>> Look at (or show here) the JkMount lines that should be somewhere in
>> your Apache configuration.
>
> Was attached in the post:
> JkMount /* loadbalancer
> So everything would be served by tomcat.
>
>> At a second level, it also means that you are doing something that is
>> really not recommended: allow Apache httpd access to the Tomcat
>> application directories.
+1 I'd go further: *never* publish a Tomcat application docBase as an
HTTPD DocumentRoot.
>> That bypasses any security that you may have in Tomcat.
>> Your current problem is a perfect example: Apache now shows the
>> source code of your JSP pages. Hopefully there is no secret password in there.
>
>> Test : (http://www.test.de/xyz)/WEB-INF/web.xml
> Yes, you are right, I can read the web.xml from the browser. How can we
> avoid it?
Don't publish a Tomcat application docBase as an HTTPD DocumentRoot.
Simples.
p
> Greetings
> Alexander
>
>
>
>>
>>
>>
>> In the Apache access log:
>>
>> xxx.xxx.214.145 - - [08/Nov/2011:14:44:08 +0100] "GET / HTTP/1.1" 200
>> 23281 ##OK
>>
>> xxx.xxx.214.145 - - [08/Nov/2011:14:44:11 +0100] "GET
>> /go/VV4QB69WO9F01A9KGBSYVGNVGHY6T95J HTTP/1.1" 200 88572 ##Not ok,
>> source code displayed.
>>
>>
>>
>> In the virtual-host.conf:
>>
>> ## Tomcatanbindung
>>
>> JkMount /* loadbalancer
>>
>> JkOptions +ForwardURICompatUnparsed
>>
>> AllowEncodedSlashes On
>>
>>
>>
>>
>>
>> Greetings
>>
>> Alexander
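A check for the misconfiguration discussed in this thread, as an added example that is not part of the original messages or of the httpd/Tomcat projects: it flags every httpd DocumentRoot, <Directory> or Alias path that equals, contains or lies inside a Tomcat docBase or appBase. It goes a little beyond the thread's case (Alias targets, containment in either direction); the sample input is constructed from the posted configuration, `D:/www/static/app1` is a hypothetical path, and absolute Windows-style paths are assumed.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample input modelled on the configuration posted in this thread.
HTTPD_CONF = '''
<VirtualHost 192.168.100.40:80>
DocumentRoot "D:/www/apps/app1/ROOT"
<Directory "D:/www/apps/app1/ROOT">
Allow from all
</Directory>
</VirtualHost>
'''
# Constructed alternative: httpd serves a directory outside Tomcat's tree (hypothetical path).
HTTPD_CONF_SEPARATE = 'DocumentRoot "D:/www/static/app1"\n'
# Constructed: stray spaces and different letter case must not hide the overlap.
TOMCAT_CONF = '''
<Host name="app1" appBase="D:/www/apps/app1/">
<Context docBase=" d:/WWW/apps/app1/ROOT " privileged="true">
'''

# Filesystem paths httpd may serve from: DocumentRoot, <Directory ...>, Alias targets.
HTTPD_RE = re.compile(
    r'^\s*(?:DocumentRoot|<Directory|Alias\s+\S+)\s+(?:"([^"]+)"|([^\s>]+))',
    re.I | re.M)
TOMCAT_RE = re.compile(r'\b(docBase|appBase)\s*=\s*"([^"]*)"')

def norm(path):
    # PureWindowsPath compares case-insensitively and accepts either slash.
    return PureWindowsPath(path.strip())

def overlaps(a, b):
    """True if the directories are equal or one contains the other."""
    return a == b or a in b.parents or b in a.parents

def audit(httpd_conf, tomcat_conf):
    """Return sorted (httpd_path, tomcat_attribute, tomcat_path) overlaps."""
    findings = set()
    for m in HTTPD_RE.finditer(httpd_conf):
        served = norm(m.group(1) or m.group(2))
        for attr, value in TOMCAT_RE.findall(tomcat_conf):
            base = norm(value)
            if overlaps(served, base):
                findings.add((served.as_posix(), attr, base.as_posix()))
    return sorted(findings)

if __name__ == "__main__":
    for served, attr, base in audit(HTTPD_CONF, TOMCAT_CONF):
        print(f"httpd serves {served}, which overlaps Tomcat {attr} {base}")
```

Any finding means httpd can read files such as JSP sources or WEB-INF/web.xml directly, without Tomcat's protections being applied.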
