tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Layman <>
Subject RE: Prevent TC from serving documents
Date Thu, 24 Jan 2002 18:35:04 GMT

	You could create a new role (i.e. NEVER_ACCESS) and add that role to
the security-constraints for the files you don't want to serve in your
web.xml and then never give that role to any user.  Problem is you will have
to list each file individually, also people would be prompted for username
and password so they would know the file existed - they couldn't read it,
but sometime just know its there is bad enough.

	A separate approach would be to write a filter (since you're using
TC 4) that would look at the request URL and if it ended in ini or txt then
you could forward the request to nonexistant.html, which would produce a
404.  (Note if you sent the client a redirect then an astute web client
could figure out that the file existed.)


> -----Original Message-----
> From: Pablo Millet []
> Sent: Thursday, January 24, 2002 2:06 PM
> To: Tomcat Users List
> Subject: Prevent TC from serving documents
> Hi all.
> Is it possible to prevent TC4 from serving files like eg. 
> *.ini or *.txt.
> Even if I have direcorylisting=false Tomcat serves files if 
> "you know the
> correct path" !!!
> Thanx.
> --
> To unsubscribe:   <>
> For additional commands: <>
> Troubles with the list: <>

To unsubscribe:   <>
For additional commands: <>
Troubles with the list: <>

View raw message