tomcat-users mailing list archives

From John Wadkin <j.wad...@hud.ac.uk>
Subject RE: Prevent TC from serving documents
Date Thu, 24 Jan 2002 19:46:44 GMT
Wouldn't a Remote Host or Address Filter come in handy here? Has deny and
allow like Apache. Just a guess!

Thanks,
 
John
 
Quote for the week:
 
The men with the muck-rakes are often indispensable to the well-being of
society; but only if they know when to stop raking the muck.
 
Theodore Roosevelt, Speech in New York, 11 Nov. 1902
 


-----Original Message-----
From: Randy Layman [mailto:randy.layman@aswethink.com]
Sent: 24 January 2002 18:35
To: 'Tomcat Users List'
Subject: RE: Prevent TC from serving documents



	You could create a new role (i.e. NEVER_ACCESS) and add that role to
the security-constraints for the files you don't want to serve in your
web.xml and then never give that role to any user.  Problem is you will have
to list each file individually, also people would be prompted for username
and password so they would know the file existed - they couldn't read it,
but sometimes just knowing it's there is bad enough.

	A separate approach would be to write a filter (since you're using
TC 4) that would look at the request URL and if it ended in ini or txt then
you could forward the request to nonexistant.html, which would produce a
404.  (Note if you sent the client a redirect then an astute web client
could figure out that the file existed.)

	Randy

> -----Original Message-----
> From: Pablo Millet [mailto:pablo.millet@redmessage.com]
> Sent: Thursday, January 24, 2002 2:06 PM
> To: Tomcat Users List
> Subject: Prevent TC from serving documents
> 
> 
> Hi all.
> 
> Is it possible to prevent TC4 from serving files like e.g. *.ini or *.txt?
> Even if I have directorylisting=false, Tomcat serves files if "you know the
> correct path"!!!
> 
> 
> Thanx.
> 
> 
> 
> 
> 
> 
> --
> To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
> Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
> 

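The filter approach Randy describes, as an added example that is not part of the original thread: a servlet filter that answers requests for *.ini and *.txt with a 404. It calls sendError directly instead of forwarding to a missing page; the class name BlockedExtensionFilter is hypothetical, and the code assumes the javax.servlet API that Tomcat provides.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical class name; map it to /* with <filter> and <filter-mapping> in web.xml.
public class BlockedExtensionFilter implements Filter {
    // Extensions named in the thread; extend as needed.
    private static final Set<String> BLOCKED = new HashSet<>(Arrays.asList("ini", "txt"));

    static boolean isBlocked(String path) {
        if (path == null) return false;
        // Drop path parameters such as ";jsessionid=..." that can trail the file name.
        int semi = path.indexOf(';');
        if (semi >= 0) path = path.substring(0, semi);
        // Trailing dots, spaces and slashes can still resolve to the same file (Windows).
        int end = path.length();
        while (end > 0 && " ./\\".indexOf(path.charAt(end - 1)) >= 0) end--;
        path = path.substring(0, end);
        int slash = Math.max(path.lastIndexOf('/'), path.lastIndexOf('\\'));
        int dot = path.lastIndexOf('.');
        if (dot <= slash) return false; // no extension in the last path segment
        // Compare case-insensitively so SECRET.INI is treated like secret.ini.
        return BLOCKED.contains(path.substring(dot + 1).toLowerCase(Locale.ROOT));
    }

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // Use the container-decoded path, not the raw URI, so %-encoded names are matched too.
        String path = request.getServletPath();
        if (request.getPathInfo() != null) path += request.getPathInfo();
        if (isBlocked(path)) {
            // Same status as a genuinely missing file, with no redirect and no login prompt.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        chain.doFilter(req, res);
    }
}
```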