Luciano Andress Martini wrote:
I really want to block a directory like
/webapps/temporarios/upload_contracheque
Yes is the first option but withou moving the directory outside
tomcat, because im not the developer of the system,
then why are you messing it up ? ;-)
and i just put
this system on the server.... and i really need to simple block this
directory...=//
I need to block this, in the similar way that i do in apache...
Yes, but Tomcat is not Apache httpd, and their security models are different.
If you try to just do in Tomcat "like in Apache", then it will be very easy to create a
security hole.
/var/lib/tomcat6/webapps/temporarios/upload_contracheque
The above directory layout means that for Tomcat, "temporarios" is a "context" (= a
webapp). And inside this webapp "temporarios", "upload_contracheque" is just a path.
By default, Tomcat will serve anything inside the sub-directory "upload_contracheque", via
the default servlet.
To block access to that path inside of your webapp "temporarios", you will have to do
something specific for that path, inside of the file
/var/lib/tomcat6/webapps/temporarios/WEB-INF/web.xml
If you are not the developer, can you do that ? can you change the content of that web.xml
file ? what if the real developer provides a new version of that webapp (including a new
web.xml file) ?
> I really cant move this outside this directory.
You have not really provided a good reason why not.
And there are several good reasons why you should not have, under
/var/lib/tomcat6/webapps, a directory where files are being uploaded.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
