tomcat-users mailing list archives

From: Rachel Greenham <rachel.green...@enetgroup.co.uk>
Subject: WEB-INF left open to all and sundry by default
Date: Fri, 01 Sep 2000 11:44:36 GMT

We noticed today that people could get at files in our WEB-INF directory,
while accessing the site through Apache. I did a quick fix with file
permissions so that Apache (nobody) couldn't enter that directory, but it
seems to me that a better solution would be a line in tomcat.conf to push
requests for anything in WEB-INF to Tomcat, which would then of course
refuse them. It would be nice if such a line was in the default tomcat.conf
file as distributed.

-- 
Rachel
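
Added example, not part of the original message: a Python audit for the file-permission stopgap described above, reporting every WEB-INF directory under a document root that users outside the owner and group can still enter. It assumes the web server account (nobody in the message) is neither the owner nor in the owning group; the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def find_enterable_web_inf(docroot):
    """Return (path, mode string) for each WEB-INF dir that 'other' users can enter."""
    findings = []
    for current, dirs, _files in os.walk(docroot):
        for name in list(dirs):
            # Match case-insensitively so a misnamed "web-inf" is not missed.
            if name.upper() != "WEB-INF":
                continue
            path = os.path.join(current, name)
            mode = os.stat(path).st_mode
            # The execute (search) bit for "other" is what lets an unrelated
            # account such as the web server user enter the directory.
            if mode & stat.S_IXOTH:
                findings.append((path, stat.filemode(mode)))
            dirs.remove(name)  # nothing below WEB-INF needs walking
    return sorted(findings)


def demo():
    """Build a constructed docroot with two webapps and audit it."""
    root = tempfile.mkdtemp(prefix="docroot-")
    # Constructed sample: "shop" is left world-enterable, "admin" is locked down.
    for app, mode in (("shop", 0o755), ("admin", 0o750)):
        web_inf = os.path.join(root, app, "WEB-INF")
        os.makedirs(web_inf)
        with open(os.path.join(web_inf, "web.xml"), "w") as fh:
            fh.write("<web-app/>\n")
        os.chmod(web_inf, mode)
    return root, find_enterable_web_inf(root)


if __name__ == "__main__":
    root, findings = demo()
    for path, mode in findings:
        print(f"{mode}  {os.path.relpath(path, root)}")
```

The check looks only at each WEB-INF directory's own mode bits; a parent directory that already denies access to other users would also keep the web server account out.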
