tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <Craig.McClana...@eng.sun.com>
Subject Re: WEB-INF and classes directories are readables in my linux
Date Sat, 02 Dec 2000 23:13:41 GMT
Landaluze Produktions IS - Carlos wrote:

> i have make virtual domains in my linux, but in each virtual domain i can
> see (with the browser) the WEB-INF and the WEB-INF/classes directory and
> theris files.
> How can i make no readable (no read) these directories?
> thaks and excuse my english
>

Are you using the standard tomcat-apache.conf configuration file that is set up
for you?  If so, it has appropriate coding to prevent this.  For example, a
typical entry for a web app would look like this (with $TOMCAT_HOME expanded to
wherever you installed Tomcat):

    Alias /examples "/$TOMCAT_HOME/webapps/examples"
    <Directory "$TOMCAT_HOME/webapps/examples">
        Options Indexes FollowSymLinks
    </Directory>
    ApJServMount /examples/servlet /examples
    <Location "/examples/WEB-INF/">
        AllowOverride None
        deny from all
    </Location>
    <Location "/examples/META-INF/">
        AllowOverride None
        deny from all
    </Location>

It is the <Location> directives that tell Apache not to make these directories
visible.

When using Tomcat stand-alone, you don't have to do anything to prevent access
to these directories -- they are protected by code internal to Tomcat.

Craig McClanahan



Mime
View raw message