tomcat-users mailing list archives

From Mark Thomas <ma...@apache.org>
Subject Re: tomcat and apache document root
Date Wed, 29 Jul 2009 19:43:25 GMT
Nikolay Diulgerov wrote:
> Mark,
> what do you mean by
> separation of httpd and Tomcat

I mean that my own view is that httpd and Tomcat should not be serving
content from the same directory structure. That way only Tomcat can
possibly serve the files Tomcat is meant to serve and only httpd can
serve the files httpd is meant to serve. If you get your configuration
wrong the worst that will happen is a 404.

If Tomcat and httpd serve files from the same directory structure and
you get your configuration wrong the worst that can happen is that files
that are never meant to be accessible are readable to anyone with a browser.

Mark

> 
> Do you mean that httpd should redirect all requests to tomcat and not
> serve static files?
> Or that httpd should have alias /myapp
> and still serve static files for it.
> Or something different? 
> 
> 
> 
> Mark Thomas wrote:
>> Nikolay Diulgerov wrote:
>>  
>>> I wonder then if I can use in server.xml
>>> <Context path="" docBase="/tomcat/webapps/myapp"/>
>>> To change the default application serving when someone requests
>>> myserver.com:8080
>>>     
>>
>> No. That will result in double deployment. Just rename webapps/myapp to
>> webapps/ROOT
>>
>>  
>>> And then in apache to use
>>>
>>> DocumentRoot "/tomcat/webapps/myapp"
>>>     
>> Make this:
>> DocumentRoot "/tomcat/webapps/ROOT"
>> and also below.
>>
>>  
>>> <Directory "/tomcat/webapps/myapp">
>>>    Options FollowSymlinks
>>>    DirectoryIndex index.html login.jsp
>>>    AllowOverride None
>>>    Allow from all
>>> </Directory>
>>>    <Directory "/tomcat/webapps/myapp/WEB-INF/">
>>>    AllowOverride None
>>>    deny from all
>>> </Directory>
>>>    <Directory "/tomcat/webapps/myapp/META-INF/">
>>>    AllowOverride None
>>>    deny from all
>>> </Directory>
>>>     
>> Better. Depending on settings JSP source code disclosure may still be an
>> issue. (ie requests for index.jSp may get served by httpd as static
>> files).
>>
>>  
>>> JkMount /*.jsp client
>>> JkMount /*.do client
>>>     
>>
>>
>> I always recommend separation of httpd and Tomcat but if you are going
>> to have them serving from the same directory structure then you are
>> heading in the right direction.
>>
>> Mark
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>   
> 
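The separation check described in the reply above, as an added example that is not part of the original thread or of Tomcat/httpd: it reads httpd configuration text and reports any `DocumentRoot`/`Alias` target that overlaps Tomcat's `appBase`, plus `WEB-INF`/`META-INF` directories of a shared webapp that have no deny-all `<Directory>` block. The function names, the `/var/www/static` path and the `appBase` value `/tomcat/webapps` (inferred from the paths quoted in the thread) are assumptions.

```python
import posixpath
import re

# Directives that map URL space onto a filesystem path in httpd.
MAPPING = re.compile(r'^\s*(DocumentRoot|(?:Script)?Alias\s+\S+)\s+"?([^"\s]+)"?\s*$', re.I)
DIR_OPEN = re.compile(r'^\s*<Directory\s+"?([^">]+?)"?\s*>', re.I)
DIR_CLOSE = re.compile(r'^\s*</Directory>', re.I)
DENY_ALL = re.compile(r'^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$', re.I)

def inside(path, base):
    """True if path equals base or lies beneath it (both already normalised)."""
    return path == base or path.startswith(base.rstrip("/") + "/")

def audit(httpd_conf, app_base):
    """Return (shared, unprotected): httpd mappings that overlap Tomcat's appBase,
    and WEB-INF/META-INF paths of httpd-served webapps lacking a deny-all block."""
    app_base = posixpath.normpath(app_base)
    mapped, denied, current = [], set(), None
    for line in httpd_conf.splitlines():
        if (m := DIR_OPEN.match(line)):
            current = posixpath.normpath(m.group(1))
        elif DIR_CLOSE.match(line):
            current = None
        elif current and DENY_ALL.match(line):
            denied.add(current)
        elif (m := MAPPING.match(line)):
            mapped.append((m.group(1).split()[0], posixpath.normpath(m.group(2))))
    shared = [(d, p) for d, p in mapped if inside(p, app_base) or inside(app_base, p)]
    unprotected = [posixpath.join(p, sub) for _, p in shared
                   if posixpath.dirname(p) == app_base  # p is a webapp root
                   for sub in ("WEB-INF", "META-INF")
                   if posixpath.join(p, sub) not in denied]
    return shared, unprotected

# Constructed sample configs, modelled on the snippet quoted in this thread.
SHARED = '''
DocumentRoot "/tomcat/webapps/myapp"
<Directory "/tomcat/webapps/myapp/WEB-INF/">
   AllowOverride None
   deny from all
</Directory>
'''
SEPARATED = 'DocumentRoot "/var/www/static"\n'

if __name__ == "__main__":
    for name, conf in (("shared", SHARED), ("separated", SEPARATED)):
        print(name, audit(conf, "/tomcat/webapps"))
```

An empty `unprotected` list only confirms the deny blocks exist; it does not cover the JSP source disclosure case mentioned in the thread, which only an empty `shared` list rules out.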



