tomcat-users mailing list archives

From "Rob S." <rsli...@home.com>
Subject RE: [security] apache exposes web.xml, *.java, *.class
Date Fri, 24 Aug 2001 02:33:21 GMT
Simple... instruct Apache not to serve any directory with "WEB-INF" in the
path.  See the Apache docs at http://httpd.apache.org/.

Good luck! =)

- r

> -----Original Message-----
> From: HeoGwangNam [mailto:kenu@okjsp.pe.kr]
> Sent: Thursday, August 23, 2001 9:43 PM
> To: tomcat-user@jakarta.apache.org
> Subject: [security] apache exposes web.xml, *.java, *.class
>
>
> I use mod_jk.so to join Apache 1.3.20 and Tomcat 3.2.3 on Solaris 5.7
> and make DocumentRoot of httpd.conf indicate the root of Tomcat.
>
> after that
>
> The browser request of http://www.blar....com/WEB-INF/web.xml appears.
> even more
> http://www.blar....com/WEB-INF/classes/ok/Fn.java ,
> http://www.blar....com/WEB-INF/classes/ok/Fn.class
> source appears and class is downloadable.
>
> It's a serious problem.
>
> What's wrong with my setup?
> How can I solve this problem?
>
> Please.
> When I use Tomcat stand-alone, there is no problem similar to these.
>
>
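
One way to express the restriction suggested in the reply, as an added example that is not part of the original thread or the project's own configuration. It assumes Apache 1.3.x access-control syntax and a DocumentRoot that contains the web application's WEB-INF directory, as in the setup described in the question.

```apache
# Added example (not from the original messages).
# Assumption: DocumentRoot points at the Tomcat web application root,
# so WEB-INF lies inside the tree that Apache serves as static files.

# Deny by filesystem path: matches any directory named WEB-INF and
# everything below it (web.xml, classes/, lib/), whichever URL led there.
<DirectoryMatch "/WEB-INF(/|$)">
    Order allow,deny
    Deny from all
</DirectoryMatch>

# The same rule keyed on the request URL path.
<LocationMatch "/WEB-INF(/|$)">
    Order allow,deny
    Deny from all
</LocationMatch>
```

After reloading Apache, a request for /WEB-INF/web.xml should return 403 Forbidden instead of the file. On Apache 2.4 the two access lines in each section are replaced by `Require all denied`.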

