Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

deny access to my webapps folders

 
Kartik Ruppa
Ranch Hand
Posts: 60
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi ,
I have my application folder inside webapps of tomcat.
folder structure is something like this :

../webapps/TestApp/*.jsp
../webapps/TestApp/resource/test.html

When a user enters the http://www.domain.com/TestApp/resource on the browser,all the files/folders under resource are visible.How to avoid this?

Thanks in advance,
Kartik
 
Mike Curwen
Ranch Hand
Posts: 3695
IntelliJ IDE Java Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Assuming that you never want to allow direct browsing to the pages, you could move the 'resource' folder under WEB-INF and access them through methods on the Context like "getResourceAsStream()" or even through a include() or forward() request.

You might also write a servlet Filter that would selectively allow or deny access.

Alternately, you can use Apache in front of Tomcat, and restrict access with Apache web server settings.

If you're concerned about directory browsing, you can also turn this off in the Tomcat config. http://jakarta.apache.org/tomcat/faq/misc.html#listing
 
Praful Thakare
Ranch Hand
Posts: 642
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Also,you can create index.html or index.jsp saying "you are not permited to view this....bla bla.." and place in every directory..

Cheers
--Praful
[ July 22, 2004: Message edited by: Praful Thakare ]
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic