tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 29558] - JK2 blocks access to WEB-INF
Date Tue, 15 Jun 2004 08:58:56 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=29558>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=29558

JK2 blocks access to WEB-INF

tkl@telenet.ch changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |



------- Additional Comments From tkl@telenet.ch  2004-06-15 08:58 -------
This is correct for WEB-INF directories contained within a web application. It 
doesn't tell anything about directories outside of web applications!

In my case I have a CGI-application (running within IIS) for giving access to my 
CVS repository. In this repository is a WEB-INF directory (because I'm 
developing a web application :-). Nothing JK2 SHOULD be concerned about... but 
it does block the access.

Now I understand that it's very convinient not to have to remember to block the 
access to WEB-INF directories within your web applications, especially if you 
serve static content from IIS directly.

However JK2 should have an option to exclude some directories from this check - 
exactly for this case where I as the administrator know what I'm doing.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message