tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: restrict per user public_html to serve static files only...
Date Wed, 27 Jun 2012 06:45:18 GMT
Kim wrote:

> Hi, Dear all
> I'm using tomcat 6.0.35 on linux CentOS 5.7 using sun jdk jdk1.5.0_11.
> I need to enable public_html for my user but for security reason, I
> would like restrict the functions to serve static files only.
> Can anyone tell me how to do that ?
> Actually I can build tomcat from src and don't mind modify the code
> base for this specific feature.
> Can anyone help me to point out which source file I should modify ...
> Regards,
> Kim
> 

Modifying the Tomcat code base for this seems to me a heavy, non-portable, 
non-maintainable, non-upgradable solution.
You could this with a very simple (*) Servlet Filter.  One may already exist which does that.
I'd be surprised if you couldn't do that with, for example, the URLRewrite filter.
http://www.tuckey.org/urlrewrite/
Rewrite URLs that do not point to static pages, to some error page URL, et voila.
(better : rewrite all /public_html/* URLs to the error page, /except/ if they end in 
\.(xxx|yyy|zzz))


(*) and light and portable and maintainable and upgradable

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message