tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marc Mendez" <men...@lug.com>
Subject Re: Standalone Tomcat : suppress directory listing in web.xml
Date Tue, 05 Nov 2002 17:13:08 GMT
> Stick a file called "index.html" in the directory where you want listings
> suppressed.

It may work. But imagine the following directory structure

Dir A contains Dir B, which contains Dir C
put a file index.htm in "Dir A"
Ok, but, if a "malicious" user knows the structure, he can easily access to
Dir B, by giving the full path ! Even more, if he knows the name of a file,
he can download it !

>
> Write a Filter to intercept all requests and look for a filename in the
> request...open-ended requests like "/" or "/myapp/" would be intercepted
and
> redirected.

Just a question about filter. "They are preprocessors of the request before
it reaches a servlet"
So, if I write

http://localhost:8080/myapp/servlet/myapp?Agent=myagent

which is a request, the filter should run.

but if I write

http://localhost:8080/myapp

or anything without "servlet/myapp" ... it's not a request to my servlet,
but just to Tomcat. I suppose it does not run ? Right ou false ?

>
> Make sure you have a welcome file list setup in your web.xml.
>

Yes, it set

Thanks


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message