tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mike Jackson" <mjack...@cdi-hq.com>
Subject RE: Need Help plz
Date Thu, 30 May 2002 22:43:14 GMT
1) Get off of windows :)

   Or add the following to web.xml under $TOMCAT_HOME/conf, unless I'm
mistaken that should cover all of the possible miss-cases of "jsp".

  <servlet-mapping>
    <servlet-name>jsp</servlet-name>
    <url-pattern>*.Jsp</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>jsp</servlet-name>
    <url-pattern>*.JSp</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>jsp</servlet-name>
    <url-pattern>*.JsP</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>jsp</servlet-name>
    <url-pattern>*.JSP</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>jsp</servlet-name>
    <url-pattern>*.jSp</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>jsp</servlet-name>
    <url-pattern>*.jSP</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>jsp</servlet-name>
    <url-pattern>*.jsP</url-pattern>
  </servlet-mapping>

2) You'll probably have to do this in your application I think.  If it were
me I'd create a singleton class that stored a list of login attempts with ip
address of the source, and prior to allowing some client to attempt login
I'd check the list.

--mikej
-=-----
mike jackson
mjackson@cdi-hq.com

> -----Original Message-----
> From: Walid Mohamed Al Abbadi [mailto:wabbadi@eng.aast.edu]
> Sent: Thursday, May 30, 2002 3:24 PM
> To: tomcat-user@jakarta.apache.org
> Subject: Need Help plz
>
>
>
> Hi ,
>
>       i need  help please in two subjects .. My problems are what
> configuration I should have to do in the server to prevent:
>
>  1)       Prohibit downloading the *.jsp files from any client on the
> internet... [ I noticed that if  I wrote the URL of my site ending with
> myFile.JSP  [ JSP in Capital letters] the page not opened ! , but  the
> server offered me to download the file it self ! ..Which I
> don&#8217;t want
> any user knows this property to download my own source-code jsp files!
>
>  2)       My application  is  depend on a password authentication  , which
> I don&#8217;t want  any cracker to keep trying usernames/passwords for
> many tries ..  How should I tell the server to block an ip after 3 times
> tries [for example] and for how long this ip will be blocked!
>
>   are thses problems related with the Apache server or Tomcat
> serve or both
> of them !!.. does anyone face like these problems ?!
>
>
>  Java_lover : Walid
>
> --
> To unsubscribe, e-mail:
> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
> <mailto:tomcat-user-help@jakarta.apache.org>
>


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message