tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Gillman" <>
Subject jsp pages being served despite apache access restrictions
Date Wed, 15 Jan 2003 13:15:30 GMT
I am using apache 2.0.40, tomcat 4.1.10 and mod_jk2 2.0.1

I want to restrict access to a certain directory on my site - Simple.  So I
add a directory directive to my virtual host directive.  This works fine for
my static content.  Obviously I want all my jsp pages sent to tomcat for
processing so I have created the neccessary workers and added a Location
directive to my virtual host directive.

However this is resulting in the jsp page being processed and returned to
the user without them being prompted for authorization.  i.e. it seems
apache is passing off the request to tomcat before checking if the directory
is restricted.  My understanding is that that directory directive should get
processed before the location one.

Any ideas how to get this to work correctly?

Here is my and the relavent section of my httpd.conf

# Define the communication channel
info=Ajp13 forwarding over socket

# define the worker

# Map the Tomcat examples webapp to the Web server uri space
info=Map the whole webapp

# Use a location directive in httpd.conf instead
# [uri:/*.jsp]
# info=Map all jsp pages

# Shared memory handling. Needs to be set.

<VirtualHost *>
    DocumentRoot /home/httpd/www/
    ErrorLog     /home/httpd/www/
    CustomLog    /home/httpd/www/ combined

        <Directory /home/httpd/www/>
        Options FollowSymLinks
        AuthType Basic
        AuthName ""
        AuthUserFile /home/httpd/www/
        require valid-user
<Location "/*.jsp">
  JkUriSet worker ajp13:localhost:8009

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message