tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marc Mendez" <>
Subject Re: Standalone Tomcat : suppress directory listing in web.xml
Date Tue, 05 Nov 2002 17:13:08 GMT
> Stick a file called "index.html" in the directory where you want listings
> suppressed.

It may work. But imagine the following directory structure

Dir A contains Dir B, which contains Dir C
put a file index.htm in "Dir A"
Ok, but, if a "malicious" user knows the structure, he can easily access to
Dir B, by giving the full path ! Even more, if he knows the name of a file,
he can download it !

> Write a Filter to intercept all requests and look for a filename in the
> requests like "/" or "/myapp/" would be intercepted
> redirected.

Just a question about filter. "They are preprocessors of the request before
it reaches a servlet"
So, if I write


which is a request, the filter should run.

but if I write


or anything without "servlet/myapp" ... it's not a request to my servlet,
but just to Tomcat. I suppose it does not run ? Right ou false ?

> Make sure you have a welcome file list setup in your web.xml.

Yes, it set


To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message