tomcat-users mailing list archives

From André Warnier ...@ice-sa.com>
Subject Re: Please somebody can translate this configuration in tomcat form for server.xml or another xml config file?
Date Fri, 27 Jan 2012 14:33:45 GMT
Luciano Andress Martini wrote:
> I really want to block a directory like
> /webapps/temporarios/upload_contracheque
> 
> Yes is the first option but without moving the directory outside
> tomcat, because I'm not the developer of the system,

Then why are you messing it up? ;-)

> and I just put
> this system on the server.... and I really need to simply block this
> directory...=//
> 
> I need to block this, in the similar way that I do in apache...

Yes, but Tomcat is not Apache httpd, and their security models are different.
If you try to just do in Tomcat "like in Apache", then it will be very easy to create a 
security hole.

> /var/lib/tomcat6/webapps/temporarios/upload_contracheque
> 
> 
The above directory layout means that for Tomcat, "temporarios" is a "context" (= a 
webapp). And inside this webapp "temporarios", "upload_contracheque" is just a path.
By default, Tomcat will serve anything inside the sub-directory "upload_contracheque", via
the default servlet.

To block access to that path inside of your webapp "temporarios", you will have to do 
something specific for that path, inside of the file
/var/lib/tomcat6/webapps/temporarios/WEB-INF/web.xml

If you are not the developer, can you do that? Can you change the content of that web.xml
file? What if the real developer provides a new version of that webapp (including a new
web.xml file)?

> I really can't move this outside this directory.

You have not really provided a good reason why not.

And there are several good reasons why you should not have, under 
/var/lib/tomcat6/webapps, a directory where files are being uploaded.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

