File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Source jsp code visible in apache Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Source jsp code visible in apache" Watch "Source jsp code visible in apache" New topic

Source jsp code visible in apache

Ashutosh Uprety
Ranch Hand

Joined: Nov 30, 2000
Posts: 39
There seems to be a bug in Apache.
I am using apache+tomcat config on win95.
If I put a dot(".") after the name of the jsp in the browser location bar, then the whole code of my jsp is visible on the browser.
if my jsp is "security.jsp" in abc directory, then if I type
"http://servername/abc/security.jsp." on the browser, the whole code of security.jsp is visible on the browser. How should I stop this. I am able to restrict access to the directory listing, but if anyone knows the full path, then the whole code is shown.
Can anyone suggest something to stop this.

[This message has been edited by Ashutosh Uprety (edited July 17, 2001).]
Wayne Hefner

Joined: Jul 13, 2001
Posts: 13
Add the following into your httpd.conf
<Files ~ "*.jsp.">
Order allow,deny
Deny from all
Sreenivas Makala

Joined: Jun 14, 2001
Posts: 4
I got the same problem on weblogic once.
But I got this problem not when accessing the .jsp but when we navigate to the .jsp by clicking the browser back button.
Then what I have done is I have converted the html comments(we had a lot of then ) into java style comments <!-- --> into /* */ and mysteriously the problem dissappeared.Please try this one also just as an experiment and educate me on this...
Thanks in Advance,
Sreenivas Makala
Ashutosh Uprety
Ranch Hand

Joined: Nov 30, 2000
Posts: 39
Hi Wayne,
I have tried <Files>, <FileMatch>,<Limit>,<LimitExcept>... but nothing seems to work.
Either it is stopping the jsp itself, or it is showing the code.
What I can make out is that it is not parsing the "dot" properly, and is a bug in Apache, because things work properly with only tomcat.
Any more inputs will be welcome.
Ashutosh Uprety
Ranch Hand

Joined: Nov 30, 2000
Posts: 39
Hi Wayne,
Nothing seems to work. I used <Files>, <FileMatch> with <Limit>, <LimitExcept> tags , but the "dot" still plays havoc.
Things work fine when using only Tomcat, but with apache it is bombing
Raghavendra Holla
Ranch Hand

Joined: Jun 02, 2000
Posts: 58
In Tomcat configuration file web.xml in directory <TOMCAT_HOME>/conf, try to change <servlet-mapping> tag. Try after changing <url-pattern> from *.jsp to *.jsp? or *.jsp*.
wood burning stoves
subject: Source jsp code visible in apache
Similar Threads
Tomcat 5 is not finding the updated .css
restrict directory access using apache
JSP in Weblogic & Apache, Help Needed
Apache to Tomcat forwarding not working properly
Weblogic with Apache, Help needed