tomcat-users mailing list archives

From "Craig R. McClanahan" <craig...@apache.org>
Subject Re: Standalone Tomcat : suppress directory listing in web.xml
Date Tue, 05 Nov 2002 17:16:40 GMT


On Tue, 5 Nov 2002, Marc Mendez wrote:

> Date: Tue, 5 Nov 2002 18:13:08 +0100
> From: Marc Mendez <mendez@lug.com>
> Reply-To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> Subject: Re: Standalone Tomcat : suppress directory listing in web.xml
>
> > Stick a file called "index.html" in the directory where you want listings
> > suppressed.
>
> It may work. But imagine the following directory structure
>
> Dir A contains Dir B, which contains Dir C
> put a file index.htm in "Dir A"
> OK, but if a "malicious" user knows the structure, he can easily access
> Dir B by giving the full path! Even more, if he knows the name of a file,
> he can download it!
>

You can suppress directory indexes in the $CATALINA_HOME/conf/web.xml
file.  See the "listings" init parameter for the "default" servlet.

> >
> > Write a Filter to intercept all requests and look for a filename in the
> > request...open-ended requests like "/" or "/myapp/" would be intercepted and
> > redirected.
>
> Just a question about filter. "They are preprocessors of the request before
> it reaches a servlet"
> So, if I write
>
> http://localhost:8080/myapp/servlet/myapp?Agent=myagent
>
> which is a request, the filter should run.
>
> but if I write
>
> http://localhost:8080/myapp
>
> or anything without "servlet/myapp" ... it's not a request to my servlet,
> but just to Tomcat. I suppose it does not run? Right or false?

You have complete control over which requests your filter applies to,
because you are defining a <filter-mapping> for it.  In particular, if you
use a URL pattern of "/*" in your filter mapping, then *all* requests for
your webapp will go through the filter.

Of course, you have the same degree of control over the URLs that select
your servlet, by using <servlet-mapping> elements -- there's no
requirement that "/servlet/*" be used.

>
> >
> > Make sure you have a welcome file list setup in your web.xml.
> >
>
> Yes, it is set
>
> Thanks

Craig
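
The settings discussed in this reply, sketched as an added web.xml example that is not part of the original message: the "listings" init parameter of the "default" servlet, a filter mapped to "/*", and a servlet mapping that does not use "/servlet/*". The filter name `noListing`, the classes `com.example.NoListingFilter` and `com.example.MyAppServlet`, and the `/agent` pattern are hypothetical.

```xml
<!-- Fragment 1: $CATALINA_HOME/conf/web.xml (applies to every webapp).
     With listings set to true, the default servlet generates an index for
     any directory that has no welcome file. Set it to false to stop that. -->
<servlet>
  <servlet-name>default</servlet-name>
  <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
  <init-param>
    <param-name>listings</param-name>
    <param-value>false</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
</servlet>

<!-- Fragment 2: the webapp's own WEB-INF/web.xml. -->

<!-- Hypothetical filter; the "/*" pattern routes every request for this
     webapp through it, including "/myapp" and "/myapp/". -->
<filter>
  <filter-name>noListing</filter-name>
  <filter-class>com.example.NoListingFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>noListing</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Hypothetical servlet mapped to a URL of the deployer's choosing;
     nothing requires the "/servlet/*" prefix. -->
<servlet>
  <servlet-name>myapp</servlet-name>
  <servlet-class>com.example.MyAppServlet</servlet-class>
</servlet>
<servlet-mapping>
  <servlet-name>myapp</servlet-name>
  <url-pattern>/agent</url-pattern>
</servlet-mapping>

<!-- Welcome file served for directory requests instead of an index. -->
<welcome-file-list>
  <welcome-file>index.html</welcome-file>
</welcome-file-list>
```

Turning listings off only suppresses the generated index; a file under the webapp root is still served to anyone who requests its exact URL. Files that must not be downloadable belong under WEB-INF, which the container does not serve directly, or behind a security constraint.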

