tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Preventing httpd from accessing WEB-INF contents
Date Wed, 25 Nov 2009 18:31:11 GMT
Jonathan Mast wrote:
> My understanding of Location directives is that cannot be used with regex
> and if not then thats not what I'm looking for.

Then your understanding of Location directives is wrong.
Why don't you look up the original article ?
(and LocationMatch)

> I have multiple contexts underneath multiple (virtual) hosts.  I need a
> VirtualHost level directive that will block any attempts to access
> */WEB-INF/* on that host.
> Adding a new Location directive to httpd.conf for each context would be alot
> of work and something that would be easy to forget to do.
Well, /you/ are the one who created the mess in the first place, so 
don't complain at us.

A tip (also in the Apache documentation, about VirtualHost) :

Generally speaking, configuration directives you use in the "main" part 
of the Apache server config (by this meaning what is outside of a 
<VirtualHost>..</VirtualHost> block), is inherited by all VirtualHost 
sections, and acts as a default unless specifically overridden inside 
the <VirtualHost> sections.
In other words, if you use a <LocationMatch> section in the main 
configuration, it will "carry over" to all VirtualHosts.

Note that I'm leaving something here to figure out by yourself, not that 
you would get rusty or lazy or so.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message