Return-Path: 
 <tomcat-user-return-51195-qmlist-jakarta-archive-tomcat-user=nagoya.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tomcat-user-archive@apache.org
Received: (qmail 17983 invoked from network); 1 Feb 2003 16:33:58 -0000
Received: from exchange.sun.com (192.18.33.10)
  by daedalus.apache.org with SMTP; 1 Feb 2003 16:33:58 -0000
Received: (qmail 927 invoked by uid 97); 1 Feb 2003 16:35:27 -0000
Delivered-To: qmlist-jakarta-archive-tomcat-user@nagoya.betaversion.org
Received: (qmail 920 invoked from network); 1 Feb 2003 16:35:27 -0000
Received: from daedalus.apache.org (HELO apache.org) (208.185.179.12)
  by nagoya.betaversion.org with SMTP; 1 Feb 2003 16:35:27 -0000
Received: (qmail 16458 invoked by uid 500); 1 Feb 2003 16:33:43 -0000
Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
List-Subscribe: <mailto:tomcat-user-subscribe@jakarta.apache.org>
List-Help: <mailto:tomcat-user-help@jakarta.apache.org>
List-Post: <mailto:tomcat-user@jakarta.apache.org>
List-Id: "Tomcat Users List" <tomcat-user.jakarta.apache.org>
Reply-To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Delivered-To: mailing list tomcat-user@jakarta.apache.org
Received: (qmail 16439 invoked from network); 1 Feb 2003 16:33:42 -0000
Received: from 80-24-209-146.uc.nombres.ttd.es (HELO server.honek.org)
 (80.24.209.146)
  by daedalus.apache.org with SMTP; 1 Feb 2003 16:33:42 -0000
Received: from localhost (localhost [127.0.0.1])
	by server.honek.org (Sendmail 8.9.12 on SuSE Linux 8.0 (i386)) with ESMTP id
 5E7071D80C
	for <tomcat-user@jakarta.apache.org>; Sat,  1 Feb 2003 17:32:23 +0100 (CET)
Received: from lpis (217-127-108-221.uc.nombres.ttd.es [217.127.108.221])
	by server.honek.org (Sendmail 8.9.12 on SuSE Linux 8.0 (i386)) with ESMTP id
 2104F1D7FA
	for <tomcat-user@jakarta.apache.org>; Sat,  1 Feb 2003 17:32:18 +0100 (CET)
Message-ID: <000c01c2ca0f$7a7ce1c0$0201a8c0@lpis>
From: "Dionisio Ruiz de Zarate" <dionisio@tinieblas.com>
To: <tomcat-user@jakarta.apache.org>
Subject: running tomcat + apache and the system shows me the xml file. bur or
 bad configuration?
Date: Sat, 1 Feb 2003 17:32:10 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Virus-Scanned: by AMaViS 0.3.12pre8
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

I have one application running in tomcat 4.1.18 and apache.
if i have writte in the browser (explorer):
http://www.domain.com/WEB-INF/web.xml
the system shows me the file.
This is one great security problem.
How can i deny this?
i the appache conf file i have:
<Directory "WEB-INF">
Options -Indexes
AllowOverride None
Order deny,allow
Deny from all
</Directory>

Please help me


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org