Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 68453 invoked from network); 4 Jul 2009 23:17:46 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 4 Jul 2009 23:17:46 -0000 Received: (qmail 34924 invoked by uid 500); 4 Jul 2009 23:17:52 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 34854 invoked by uid 500); 4 Jul 2009 23:17:52 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 34843 invoked by uid 99); 4 Jul 2009 23:17:52 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 04 Jul 2009 23:17:51 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of lists@nabble.com designates 216.139.236.158 as permitted sender) Received: from [216.139.236.158] (HELO kuber.nabble.com) (216.139.236.158) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 04 Jul 2009 23:17:41 +0000 Received: from isper.nabble.com ([192.168.236.156]) by kuber.nabble.com with esmtp (Exim 4.63) (envelope-from ) id 1MNETw-0007iw-Si for users@tomcat.apache.org; Sat, 04 Jul 2009 16:17:20 -0700 Message-ID: <24338874.post@talk.nabble.com> Date: Sat, 4 Jul 2009 16:17:20 -0700 (PDT) From: Keith67 To: users@tomcat.apache.org Subject: Tomcat for serving only static files - how to prevent the likes of JSP execution MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Nabble-From: keithmatthewwatson@gmail.com X-Virus-Checked: Checked by ClamAV on apache.org This might seem like a strange request, but I would like to use Tomcat to only serve static files, from a certain context anyway. I have an application I would like to allow users to upload files through, and then I want to be able to link to them and serve them from the server. If I do this, I run the risk of them uploading executable content (e.g. a JSP file) and then having it executed on the server, so I would like to stop this happening. Does anyone know how I could prevent any dynamic processing of files in a given Tomcat context. I appreciate I could just install Apache and do it that way but I'd rather just keep it simple with Tomcat. Thanks. -- View this message in context: http://www.nabble.com/Tomcat-for-serving-only-static-files---how-to-prevent-the-likes-of-JSP-execution-tp24338874p24338874.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org