From users-return-229180-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org Tue Nov 8 15:13:00 2011 Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 351F5936F for ; Tue, 8 Nov 2011 15:13:00 +0000 (UTC) Received: (qmail 82180 invoked by uid 500); 8 Nov 2011 15:12:56 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 82114 invoked by uid 500); 8 Nov 2011 15:12:56 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 82105 invoked by uid 99); 8 Nov 2011 15:12:56 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 08 Nov 2011 15:12:56 +0000 X-ASF-Spam-Status: No, hits=0.7 required=5.0 tests=SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [62.91.2.142] (HELO mx-n2.bisping.de) (62.91.2.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 08 Nov 2011 15:12:48 +0000 Received: from remote.tecracer.com ([193.218.214.220]) by mx-n2.bisping.de with esmtp (Exim 4.50) id 1RNnLe-0006Tz-MO for users@tomcat.apache.org; Tue, 08 Nov 2011 16:12:26 +0100 Received: from DC01.tecracerde.local ([fe80::32d8:79c6:6181:3006]) by DC01.tecracerde.local ([fe80::32d8:79c6:6181:3006%12]) with mapi; Tue, 8 Nov 2011 16:12:25 +0100 From: Alexander Diedler To: Tomcat Users List , Tomcat Users List Date: Tue, 8 Nov 2011 16:12:23 +0100 Subject: AW: mod_jk - Browser displays HTML Sourcecode Thread-Topic: mod_jk - Browser displays HTML Sourcecode Thread-Index: AcyeJ9FE81kOACbbTwaR6m49oqOSgwAALYTg Message-ID: <739CCB2D4BF8FD48985D6E158AD327B81EB9E5678D@DC01.tecracerde.local> References: <739CCB2D4BF8FD48985D6E158AD327B81EB9E56778@DC01.tecracerde.local> <4EB944F4.9060600@ice-sa.com> In-Reply-To: <4EB944F4.9060600@ice-sa.com> Accept-Language: de-DE Content-Language: de-DE X-MS-Has-Attach: yes X-MS-TNEF-Correlator: acceptlanguage: de-DE Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_0077_01CC9E31.331A27C0" MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org ------=_NextPart_000_0077_01CC9E31.331A27C0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Hello >That most probably means that the URL mappings for mod_jk are not correct, and that Apache httpd is serving that content directly. >Look at (or show here) the JkMount lines that should be somewhere in your Apache configuration. Was attached in the post: JkMount /* loadbalancer So everything would be served by tomcat. >At a second level, it also means that you are doing something that is really not recommended : allow Apache httpd access to the Tomcat application directories. >That bypasses any security that you may have in Tomcat. >Your current problem is a perfect example : Apache now shows the source code of your JSP pages. Hopefully there is no secret password in there. >Test : (http://www.test.de/xyz)/WEB-INF/web.xml Yes you are right, I can read the web.xml from the browser. How we can avoid it? Greetings Alexander > > > > In the Apache access log: > > xxx.xxx.214.145 - - [08/Nov/2011:14:44:08 +0100] "GET / HTTP/1.1" 200 > 23281 ##OK > > xxx.xxx.214.145 - - [08/Nov/2011:14:44:11 +0100] "GET > /go/VV4QB69WO9F01A9KGBSYVGNVGHY6T95J HTTP/1.1" 200 88572 ##Not ok, > sorcecode displayed. > > > > In the virtual-host.conf: > > ## Tomcatanbindung > > JkMount /* loadbalancer > > JkOptions +ForwardURICompatUnparsed > > AllowEncodedSlashes On > > > > > > Greetings > > Alexander > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org ------=_NextPart_000_0077_01CC9E31.331A27C0 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIP9jCCBKow ggOSoAMCAQICDi5qAAEAAh/XUiEsEVw7MA0GCSqGSIb3DQEBBQUAMHYxCzAJBgNVBAYTAkRFMRww GgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFz cyAyIENBMSUwIwYDVQQDExxUQyBUcnVzdENlbnRlciBDbGFzcyAyIENBIElJMB4XDTA2MDExMjE0 Mzg0M1oXDTI1MTIzMTIyNTk1OVowdjELMAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2Vu dGVyIEdtYkgxIjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDIgQ0ExJTAjBgNVBAMTHFRD IFRydXN0Q2VudGVyIENsYXNzIDIgQ0EgSUkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB AQCrgIebjvDDfIfX6CSCEbM83UNi7vjDRdro4aBf0Sqy6pNo37TI1kPpxHVZf/zhHfgxcCMbiJ4n uXv9OtLJqekUL5C+A1LBSc32/eQIZgtXiqJCoLjVf2lckDKylw3KStxGPgJViVPjGlrLNsYHVveM zxH0TLswcASVpfY5jP1zgQh9iV4yHiKpIkVLsGYuMMyfZf38y4Gp8eA7r6OG0YnqxEV5UF2u6SF0 kk2LWYKPlOPpSvHnSbAU4/Viy9VyvR+50p+gzaj6AcjZDd/a/Eeds8hU30lK8SGp/hhO7kjUGbvv feTinctbtm7/481a53SCBbqAJTjL5Gmer0GqGoT1AgMBAAGjggE0MIIBMDAPBgNVHRMBAf8EBTAD AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU46tUTICh21ZDt5FKy/OCehNcCKswge0GA1Ud HwSB5TCB4jCB36CB3KCB2YY1aHR0cDovL3d3dy50cnVzdGNlbnRlci5kZS9jcmwvdjIvdGNfY2xh c3NfMl9jYV9JSS5jcmyGgZ9sZGFwOi8vd3d3LnRydXN0Y2VudGVyLmRlL0NOPVRDJTIwVHJ1c3RD ZW50ZXIlMjBDbGFzcyUyMDIlMjBDQSUyMElJLE89VEMlMjBUcnVzdENlbnRlciUyMEdtYkgsT1U9 cm9vdGNlcnRzLERDPXRydXN0Y2VudGVyLERDPWRlP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/ YmFzZT8wDQYJKoZIhvcNAQEFBQADggEBAIzX337uG4AQs4P12xHqa0uokhjZ9wc59Sy+BnV6aFMV HOpK7V78I7IToNMJ//b2LmtBcXnN4m39rllrhR24TiKa7WY5bkuU5lX8CxuLd8FTE2aJ2SjWi/NF SmO3/XsLYV24bb7D3Ft50u2G5aJNvl50fGrtFjgff1iBWhrrMogtsvM5d4CvXrZhdSnbI02IylAo y4XS0xCiWW7Tk1QAeqJGlYYFnKkZmOUxcgwA4mfZQOAkM3tvLLlcq2WdLKx26jWZ9Ze5DyTsx3Yh KGWuV+gHiHVKVqDSBTqk5o2SiCzz8uHBxmHbQcXHm/cOGlFFwmFr3GQnF4xat9p0KM2X5L0wggV0 MIIEXKADAgECAg5c4AABAAL4elutM56L7jANBgkqhkiG9w0BAQUFADB8MQswCQYDVQQGEwJERTEc MBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIgR21iSDElMCMGA1UECxMcVEMgVHJ1c3RDZW50ZXIgQ2xh c3MgMiBMMSBDQTEoMCYGA1UEAxMfVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMiBMMSBDQSBYSTAeFw0x MDA2MDExOTUzMjVaFw0xMjA2MDExOTUzMDlaMHQxCzAJBgNVBAYTAkRFMRYwFAYDVQQIEw1OaWVk ZXJzYWNoc2VuMREwDwYDVQQHEwhIYW5ub3ZlcjEeMBwGA1UEChQVdGVjUmFjZXIgR21iSCAmIENv LktHMRowGAYDVQQDExFBbGV4YW5kZXIgRGllZGxlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAMeYa/zrNeOsJb5y6+lVzdqAlNhUOG+vILJj5P2nOzHrvDGi6gEOZZzmEcK3L6oZ14Nu jUx7PN6tCgDymsco/icoLPvu5lP5CaPiZoQOK7XBWaJmtM4gtbrw/5YhMt53u+Ns+KIIshPRzmm0 XO2QiXZWwKf0Lj+de0aRrzxqn/kGiha43rvblKCdao4ySIHVPOp3Zxlod4kZeo12v+vUQNdKeqjo 6SkoX+P1ZTQ7BPM3Bf93LlzNCkU1FyFRjFoQosDpDujx5fPErHSA6bj+xika0nqUOMub8aTBUQnd tDnKynZx4PANEbjTwJ5Ej6Aylf77NpKvEkRUq2hJqXroaxECAwEAAaOCAfowggH2MIGaBggrBgEF BQcBAQSBjTCBijBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy50cnVzdGNlbnRlci5kZS9jZXJ0c2Vy dmljZXMvY2FjZXJ0cy90Y19jbGFzczJfTDFfQ0FfWEkuY3J0MDUGCCsGAQUFBzABhilodHRwOi8v b2NzcC54aS50Y2NsYXNzMi1paS50cnVzdGNlbnRlci5kZTAfBgNVHSMEGDAWgBRms8aR+bbNsl+a N1ZGDOJr1bF8tDAMBgNVHRMBAf8EAjAAMEoGA1UdIARDMEEwPwYJKoIUACwBAQECMDIwMAYIKwYB BQUHAgEWJGh0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lczAOBgNVHQ8BAf8EBAMC BPAwHQYDVR0OBBYEFGL19fbc7v/PPalFPP2757Z0x3NnMFcGA1UdHwRQME4wTKBKoEiGRmh0dHA6 Ly9jcmwueGkudGNjbGFzczItaWkudHJ1c3RjZW50ZXIuZGUvY3JsL3YyL3RjX2NsYXNzMl9MMV9D QV9YSS5jcmwwMwYDVR0lBCwwKgYIKwYBBQUHAwIGCCsGAQUFBwMEBggrBgEFBQcDBwYKKwYBBAGC NxQCAjAfBgNVHREEGDAWgRRhZGllZGxlckB0ZWNyYWNlci5kZTANBgkqhkiG9w0BAQUFAAOCAQEA H3NZ7Rk1+rTDJYpqbyYlpgCM5Jgnfkh+XzmBIHpBF4ZqcrbmC9jvnl4SXMskYbJsSxPNbszjOdp/ N2POQh1fKdiIF0/6rDpb3isu0QHlUN4pRcZNrsyQf4+69WaKI7Ap7DiHNQ60d1k/b1RuhXnVLZoF LXsur7yJFtCUDgCng+4B8jm5+yU1q+559+ky+Q9Yz6e+nQwSJ4mUDHJWGKUD3ihvduWzjhb8Yc0y kn5bKAMG2m+X4yqNSVvqu174xyP1OthFKezvSIE1GUIqBTXEEiPp5JfZNvUCdOLXoTTwzjUaK31X xMWeARZKUWckRdrOJ1i8hPO8vKtujTJwiQviNzCCBcwwggS0oAMCAQICDhxQAAEAAoVDWfHzLs0m MA0GCSqGSIb3DQEBBQUAMHYxCzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBH bWJIMSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAyIENBMSUwIwYDVQQDExxUQyBUcnVz dENlbnRlciBDbGFzcyAyIENBIElJMB4XDTA5MTEwMzE0MDgyNloXDTI1MTIzMTIxNTk1OVowfDEL MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxJTAjBgNVBAsTHFRDIFRy dXN0Q2VudGVyIENsYXNzIDIgTDEgQ0ExKDAmBgNVBAMTH1RDIFRydXN0Q2VudGVyIENsYXNzIDIg TDEgQ0EgWEkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9F0b0mQZXybSplaMMtH3x XVwvWdny3pQ6Oq7PN/KXVO9YY2RnYB1DDtmWz2QzTRzN/si0U50sf/Jow5f/jxRBJnKec8LdRsr5 dCSn9QyBQcHyN2K18qLSQfpTsiOvm9sEm+5kNXKwMpFgmVUMxunJiJf5o2kO5Q/K9+uKMKghQJAi vr6uCqVL65ATqXCm1UO+72/18ZTusR7ruYOgQr/Ni3eWoNg4lhvxg1SXYVLHfqX9dDZms9aZFwZR QqrlNKPzemFgSxLNN+NyD5LtEH069lJtOX0M79W/j+zwQh2WiO+FH4Xi0wBHwhIb66vu5sY+lehf 4/dSnKMfQBTiVDLFAgMBAAGjggJQMIICTDCBlQYIKwYBBQUHAQEEgYgwgYUwTwYIKwYBBQUHMAKG Q2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvY2VydHNlcnZpY2VzL2NhY2VydHMvdGNfY2xhc3Nf Ml9jYV9JSS5jcnQwMgYIKwYBBQUHMAGGJmh0dHA6Ly9vY3NwLnRjY2xhc3MyLUlJLnRydXN0Y2Vu dGVyLmRlMB8GA1UdIwQYMBaAFOOrVEyAodtWQ7eRSsvzgnoTXAirMBIGA1UdEwEB/wQIMAYBAf8C AQAwUgYDVR0gBEswSTAGBgRVHSAAMD8GCSqCFAAsAQEBAjAyMDAGCCsGAQUFBwIBFiRodHRwOi8v d3d3LnRydXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRm s8aR+bbNsl+aN1ZGDOJr1bF8tDCB+QYDVR0fBIHxMIHuMIHroIHooIHlhkFodHRwOi8vY3JsLnRj Y2xhc3MyLWlpLnRydXN0Y2VudGVyLmRlL2NybC92Mi90Y19jbGFzc18yX2NhX0lJLmNybIaBn2xk YXA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvQ049VEMlMjBUcnVzdENlbnRlciUyMENsYXNzJTIwMiUy MENBJTIwSUksTz1UQyUyMFRydXN0Q2VudGVyJTIwR21iSCxPVT1yb290Y2VydHMsREM9dHJ1c3Rj ZW50ZXIsREM9ZGU/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlPzANBgkqhkiG9w0BAQUF AAOCAQEAbIo0xQ6Vg07JyJYU1QV5K9/bGyMc/V20ZeeTzyf4oJLbieNCTDc8csA3Aw2lxvEcEKZD p8AG2ArDYfnfuzlrgqK43WZt0whV5RERsdGD4IP5538zL4oQ4n1c/4X0do6dW+FnPum91B68CsLm 5pzh+/yvMaKt9dRfRO8MrBQozz10kDqUmaAIT/gvb257UC3VwDbCg9W6yd+cYlayuKPiOjCcDjtm Ml4SBDxTDJh1fLy8FaBMFfI9MMM1HVJTwMkYDIRWO7htLkdlsug6KguxhMeG9tqNNqOs+PpHgODQ KPFbj6J6jPJQ/sRlenXI7IO3chzFIenRwN9WqTMTgJuI/jGCBAswggQHAgEBMIGOMHwxCzAJBgNV BAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMSUwIwYDVQQLExxUQyBUcnVzdENl bnRlciBDbGFzcyAyIEwxIENBMSgwJgYDVQQDEx9UQyBUcnVzdENlbnRlciBDbGFzcyAyIEwxIENB IFhJAg5c4AABAAL4elutM56L7jAJBgUrDgMCGgUAoIICUTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcN AQcBMBwGCSqGSIb3DQEJBTEPFw0xMTExMDgxNTEyMjNaMCMGCSqGSIb3DQEJBDEWBBTGa1Ksf63k nmG4EQQgQGpnwuM6oDCBnwYJKwYBBAGCNxAEMYGRMIGOMHwxCzAJBgNVBAYTAkRFMRwwGgYDVQQK ExNUQyBUcnVzdENlbnRlciBHbWJIMSUwIwYDVQQLExxUQyBUcnVzdENlbnRlciBDbGFzcyAyIEwx IENBMSgwJgYDVQQDEx9UQyBUcnVzdENlbnRlciBDbGFzcyAyIEwxIENBIFhJAg5c4AABAAL4elut M56L7jCBoQYLKoZIhvcNAQkQAgsxgZGggY4wfDELMAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRy dXN0Q2VudGVyIEdtYkgxJTAjBgNVBAsTHFRDIFRydXN0Q2VudGVyIENsYXNzIDIgTDEgQ0ExKDAm BgNVBAMTH1RDIFRydXN0Q2VudGVyIENsYXNzIDIgTDEgQ0EgWEkCDlzgAAEAAvh6W60znovuMIGr BgkqhkiG9w0BCQ8xgZ0wgZowCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBFjAKBggqhkiG9w0DBzAL BglghkgBZQMEAQIwDgYIKoZIhvcNAwICAgCAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgFAMA0GCCqG SIb3DQMCAgEoMAcGBSsOAwIaMAsGCWCGSAFlAwQCAzALBglghkgBZQMEAgIwCwYJYIZIAWUDBAIB MA0GCSqGSIb3DQEBAQUABIIBAF2P+nossrEpxKLpu1Uy6LidxszqCavI1Y5aKuuEPH5sZPJOd9bQ gEIVvf0RdTnY5B5MoHmwks6xj2xYcBoYi5JZ3BMJ5YoQ5fvy8fQo1Hi8/s/qvNK+Pp1W8DVcoloT Sde/7dIsUZN3ofUnO4AKRA3HLwyXuZlT+ypffylzyHJQ/BssB17qq+5ZhWdjnmGVga+oP0ffNJTQ by5CpeiKSsHxvgnEKM6IzgXvPf2OcDtAQ1JROPFNCO22b4obwGQVpk1UusN9lKIT7bS+kaSDoYq7 XMsxGgF7ieQFtZdkbQRD+Xol+f22UMezlIFda6IvS7LU7rVlpXf1E8T80vDzZHMAAAAAAAA= ------=_NextPart_000_0077_01CC9E31.331A27C0--