tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 32696] New: - WEB-INF protection stops IIS
Date Tue, 14 Dec 2004 15:39:16 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=32696>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=32696

           Summary: WEB-INF protection stops IIS
           Product: Tomcat 4
           Version: 4.1.30
          Platform: PC
        OS/Version: Windows NT
            Status: NEW
          Severity: critical
          Priority: P2
         Component: Unknown
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: hugomendonca@gmail.com


Hi,

 

We are having a strange behavior with Jakarta filter loaded in NT4.0 Enterprise 
Edition with IIS 4.0.

After reproducing the steps the IIS service stops:

“telnet (server) 80

GET /WEB-INF./web.xml http/1.1”

 

The output generated is:

################################################################################
########

HTTP/1.1 403 Forbidden

Server: Microsoft-IIS/4.0

Date: Thu, 09 Dec 2004 23:34:29 GMT

 

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><HTML><HEAD><TITLE

>Access forbidden!!</TITLE></HEAD><BODY><H1>Access forbidden!</H1><DL><DD>

                                                                          You do

n't have permission to access the requested object.It is either read-protected o

r not readable by the server.</DL></DD></BODY></HTML>

################################################################################
########

 

In the event viewer is displayed (sounds correct):

################################################################################
########

Emerg:  [jk_isapi_plugin.c (434)]: HttpFilterProc [/web-inf./web.xml] points to 
the web-inf or meta-inf directory.

Somebody try to hack into the site!!!

################################################################################
########

 

If Jakarta filter is not loaded there is no problem. We are using jakarta-
tomcat-connectors jk 1.2.6 win32-IIS.

 

Regards,

Hugo Mendonça

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message