The beauty of open source is that you can look at the source. :) I searched for
your error string and ran across the following in the HttpFilterProc() function
in jk_isapi_plugin.c. It looks like it's trapping for an attempt to access
WEB-INF or META-INF directly (which is illegal), and correctly logging an error
and returning "403 Forbidden".
    /*
     * Check if somebody is feeding us with his own TOMCAT data headers.
     * We reject such postings !
     */
    env->l->jkLog(env, env->l, JK_LOG_DEBUG,
                  "HttpFilterProc check if [%s] is pointing to the web-inf directory\n",
                  uri);
    if(jk_requtil_uriIsWebInf(uri)) {
        env->l->jkLog(env, env->l, JK_LOG_EMERG,
                      "HttpFilterProc [%s] points to the web-inf or meta-inf directory.\nSomebody try to hack into the site!!!\n", uri);
        write_error_response(pfc,"403 Forbidden", HTML_ERROR_403);
        workerEnv->globalEnv->releaseEnv( workerEnv->globalEnv, env );
        return SF_STATUS_REQ_FINISHED;
    }
Jay
| Jay Burgess [Vertical Technology Group]
| "Essential Technology Links via RSS"
| http://www.vtgroup.com/
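As an added example (not part of this thread and not the connector's own code), one way a filter can decide that a URI names WEB-INF or META-INF before answering "403 Forbidden": normalise the path, then compare each segment case-insensitively. The function name uri_points_to_protected_dir, the 2048-byte limit and the normalisation steps are assumptions; the real jk_requtil_uriIsWebInf() may behave differently.

```c
#include <ctype.h>
#include <string.h>

/* Value of a hex digit, or -1 if c is not one. */
static int hex_val(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Case-insensitive comparison of seg[0..len) with a lower-case name. */
static int seg_is(const char *seg, size_t len, const char *name)
{
    size_t i;
    if (len != strlen(name)) return 0;
    for (i = 0; i < len; i++)
        if (tolower((unsigned char)seg[i]) != name[i]) return 0;
    return 1;
}

/* Hypothetical stand-in for jk_requtil_uriIsWebInf(): 1 if any path segment
 * is WEB-INF or META-INF, 0 if none is, -1 if the URI is too long to
 * normalise (a caller should reject that case as well). */
int uri_points_to_protected_dir(const char *uri)
{
    char buf[2048];
    size_t n = 0, start = 0, i;
    /* Normalise: stop at the query string, decode %XX, '\' becomes '/'. */
    for (; *uri && *uri != '?'; uri++) {
        int c = (unsigned char)*uri;
        int hi = (c == '%') ? hex_val((unsigned char)uri[1]) : -1;
        int lo = (hi >= 0) ? hex_val((unsigned char)uri[2]) : -1;
        if (lo >= 0) { c = hi * 16 + lo; uri += 2; }
        if (n + 1 >= sizeof buf) return -1;
        buf[n++] = (c == '\\') ? '/' : (char)c;
    }
    /* Compare each '/'-delimited segment against the two reserved names. */
    for (i = 0; i <= n; i++) {
        if (i == n || buf[i] == '/') {
            if (seg_is(buf + start, i - start, "web-inf") ||
                seg_is(buf + start, i - start, "meta-inf"))
                return 1;
            start = i + 1;
        }
    }
    return 0;
}
```

Matching whole segments keeps names such as web-info from being rejected, and the logged URI from the original message, /web-inf/, is matched.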
-----Original Message-----
From: Warren Barton - BGT Partners [mailto:wbarton@bgtpartners.com]
Sent: Thursday, May 12, 2005 3:15 PM
To: tomcat-dev@jakarta.apache.org
Subject: Event log message: "Somebody try to hack into the site!!!"
Hello, I have Tomcat served via an IIS ISAPI filter on Windows 2003, all
is working well except... I get this message repeatedly each day in my
Windows Event Viewer:
"Application Event Log failure message: [1] Emerg: [jk_isapi_plugin.c
(434)]: HttpFilterProc [/web-inf/] points to the web-inf or meta-inf
directory. Somebody try to hack into the site!!!"
I've googled and yahooed as much as I can on this one, nothing
definitive. What servlet actions could trigger this message, or what
actions at all for that matter? Any help is greatly appreciated!
Thanks,
- Warren
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org