tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <funk...@joedog.org>
Subject Re: Security RISK !
Date Tue, 22 Oct 2002 18:29:33 GMT
You'll want to protect your WEB-INF directory as well as any properties 
files. You can do that by using by the following in your httpd.conf: 
(This should be the syntax)

<Files ~ "\.properties$">
     Order allow,deny
     Deny from all
     Satisfy All
</Files>

<Directory ~ "/WEB-INF/">
     Order allow,deny
     Deny from all
     Satisfy All
</Directory>


Sigurður Bjarnason wrote:
> Hi all
> 
> I am using apache 1.3 and tomcat 4.0.4 together
> 
> I use apache to serve all the static content, witch I have a special directory for and
Tomcat serve all the jsp and servlet stuff..
> 
> The question is.. is there any security risk if I Have the Apache DocumentRoot pointing
straight to the webapps folder ?!
> ¨
> Best Regards
> Siggi
> 


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message