httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Clark <>
Subject Re: [users@httpd] Tomcat 6 / Apache 2.2 integration problem (no images, no css loaded)
Date Fri, 21 Mar 2008 11:29:21 GMT
Andreas Schneider wrote:
> Michael Clark schrieb:
>> Andreas Schneider wrote:
>>> [Wed Mar 19 14:57:27 2008] [error] [client] client denied by
>>> server configuration:
>>> E:/server/apache-tomcat-6.0/temp/0-sw-builder/ci.css,
>>> referer: http://localhost/sw-builder/login.jsp
>> You have denies for the subdirectories of the expanded war but you don't
>> have an associated allow on that directory.
>>>     <Directory "E:/server/apache-tomcat-6.0/temp/0-sw-builder">
>>>         Options Indexes FollowSymLinks
>>>         DirectoryIndex index.html index.htm index.jsp
>> Try adding:
>>         AllowOverride None
>>         allow from all
> Yes, that's working. My problem is, that this conf file is auto
> generated (%CATALINA_HOME%/conf/auto/mod_jk.conf). Should I add this
> to the http.conf? Is that a security problem to do this?

Yes, sounds reasonable. There shouldn't be a security issue.

Assuming tomcat only extracts web apps into its temp dir - and nothing
else can be accessed there unless it is explicitly mapped by a clause in
the generated conf file, then you might like to add a clause in your
httpd.conf for the parent of the extracted webapp dir (then all will
work when other webapps are deployed or if the auto-generated
subdirectory names changes). e.g.

<Directory "E:/server/apache-tomcat-6.0/temp/">
        AllowOverride None
        allow from all

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message