| Author |
deny access to my webapps folders
|
Kartik Ruppa
Ranch Hand
Joined: Aug 28, 2002
Posts: 60
|
|
Hi ,
I have my application folder inside webapps of tomcat.
folder structure is something like this :
../webapps/TestApp/*.jsp
../webapps/TestApp/resource/test.html
When a user enters the http://www.domain.com/TestApp/resource on the browser,all the files/folders under resource are visible.How to avoid this?
Thanks in advance,
Kartik
|
 |
Mike Curwen
Ranch Hand
Joined: Feb 20, 2001
Posts: 3695
|
|
Assuming that you never want to allow direct browsing to the pages, you could move the 'resource' folder under WEB-INF and access them through methods on the Context like "getResourceAsStream()" or even through a include() or forward() request.
You might also write a servlet Filter that would selectively allow or deny access.
Alternately, you can use Apache in front of Tomcat, and restrict access with Apache web server settings.
If you're concerned about directory browsing, you can also turn this off in the Tomcat config. http://jakarta.apache.org/tomcat/faq/misc.html#listing
|
|
Praful Thakare
Ranch Hand
Joined: Feb 10, 2001
Posts: 613
|
|
Also,you can create index.html or index.jsp saying "you are not permited to view this....bla bla.." and place in every directory..
Cheers
--Praful
[ July 22, 2004: Message edited by: Praful Thakare ]
|
All desirable things in life are either illegal, banned, expensive or married to someone else !!!
|
|
 |
|
|
subject: deny access to my webapps folders
|
|
|
0
