tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eduardo Andrés Alfonso Sierra <edal...@gmail.com>
Subject Avoid Directory Listings
Date Sun, 20 Feb 2005 07:18:24 GMT
Hi

I'm trying to stop tomcat from list contents of directories. I've
tried securing it and it works but has the BIG problem that you must
secure every directory separated.

Is there any posibility to secure the directory listings of every
directory in an application ??

Thanks in advance.



I'm doing this:

<security-constraint>
	<web-resource-collection>
		<web-resource-name>LISTINGS</web-resource-name>
		<url-pattern>/dir1/</url-pattern>
		<url-pattern>/dir1/dir11/</url-pattern>
		<url-pattern>/dir1/dir12/</url-pattern>
		<url-pattern>/dir1/dir11/dir111/</url-pattern>
		<url-pattern>/dir2/</url-pattern>
		<url-pattern>/dir2/dir21/</url-pattern>
		<http-method>GET</http-method>
		<http-method>POST</http-method>
	</web-resource-collection>
	<auth-constraint>
		<role-name>manager</role-name>
	</auth-constraint>
	<user-data-constraint>
		<transport-guarantee>CONFIDENTIAL</transport-guarantee>
	</user-data-constraint>
</security-constraint>

It works but I MUST add a url-pattern tag FOR EVERY directory in my
application if i'm to avoid all directory listings in my context.

I've tryied patterns like /*/, /**/, /*/*/*/*/, */ and similar ones
and nothing worked.

Is possible to avoid easily , all the directory listings?

Thanks again.

Eduardo

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message