tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 44275] - isapi_redirect.dll denies access to URI's with META-INF / WEB-INF anywere in the URI
Date Thu, 24 Jan 2008 07:57:18 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=44275>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=44275





------- Additional Comments From hburde@merentis.com  2008-01-23 23:57 -------
(In reply to comment #3)
> Why does isapi_redirector filter it ?  I thought TC itself would receive the
> request, calculate the meaning of the request is referencing a toplevel path
> within a context and return a 403/404/whatever.
> 
> isapi_redirect surely can be transparent in this regard ?

See Bug ID39614 for a explanation. The rediretor does some (redundant)
additional filtering independent of tomcat (jk_isapi_plugin.c / uri_is_web_inf :
looks for uri *containing* meta-inf / web-inf). 

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message