LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 03-26-2005, 07:16 AM   #1
vous
Member
 
Registered: Mar 2003
Location: Macondo
Distribution: Mandrake 9.1, 10.1, SuSE 8.1 pro, 10.1, Red Hat 8.0/9.0
Posts: 380

Rep: Reputation: 30
Tomcat4/Apache2 are allowing unwanted requests to come through....!?!?!


Hello All,

I want to prevent Tomcat from displaying the file system contents, BUT I want it to be able to path to a webapp called /counter.

So what I mean is that I would like people to access the webapp: /counter, but I DON'T want to them to be able to type in their browser:

http://<servername>/counter/images

and get to see all the images from the file system. Obviously I want to be able to serve the images that tomcat will use to build the pages...just not straight from the URL as requested by an external user.

--->This is my setup:

My setup is:

Apache2 ---> Apache/TomcatJK2 Connector---> Tomcat4

So either answer, be it from the Apache2 Gurus or the Tomcat4 Gurus can help...

1) How can I block this from within Apache2?

2) How can I block this from within Tomcat4?

...and yet a 3rd option...

3) How can I block this from the JK2 connector (workers2.properties)?


Any thoughts?
 
Old 03-26-2005, 08:29 AM   #2
vous
Member
 
Registered: Mar 2003
Location: Macondo
Distribution: Mandrake 9.1, 10.1, SuSE 8.1 pro, 10.1, Red Hat 8.0/9.0
Posts: 380

Original Poster
Rep: Reputation: 30
I have included this in the Apache conf:

<Directory />
AllowOverride None
</Directory>

<Directory />
Order Deny,Allow
Deny from all
</Directory>

Which prevents entry to the file system, BUT the connectors config has to allow entry to the /counter webapp:

[uri:/counter]
info=Counter webapp
context=/counter
debug=0

[uri:/counter/servlet/*]
info=Prefix mapping

[uri:/counter/*.jsp]
info=Extension mapping

[uri:/counter/*]
info=Map the whole counter webapp

So how do I prevent them from navigating through the whole /counter dir?
 
Old 03-26-2005, 09:31 AM   #3
megaspaz
Senior Member
 
Registered: Nov 2002
Location: Silly Con Valley
Distribution: Red Hat 7.3, Red Hat 9.0
Posts: 2,054

Rep: Reputation: 46
why don't you just put in an index.html file in that image directory? that way, if someone types in the url like you showed, that webpage will show up instead. you can't really expect much though, as someone can still get to your images by viewing the source of whatever page tomcat shows up, but it will stop tomcat from doing an index listing of the contents of the directory.
 
Old 04-09-2005, 12:55 PM   #4
vous
Member
 
Registered: Mar 2003
Location: Macondo
Distribution: Mandrake 9.1, 10.1, SuSE 8.1 pro, 10.1, Red Hat 8.0/9.0
Posts: 380

Original Poster
Rep: Reputation: 30
There has to be a more professional/technical way to solve this problem?

Any other thoughts??
 
Old 04-09-2005, 02:05 PM   #5
phil.d.g
Senior Member
 
Registered: Oct 2004
Posts: 1,272

Rep: Reputation: 154Reputation: 154
Code:
<Directory /path/to/picture/dir>
  Options -Indexes
</Directory
Alternatively you can put
Code:
Options -Indexes
In .htaccess file if your server is set up to allow .htaccess files

If they go to that directory they will get a "you don't have permission to access this directory"
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Tomcat is allowing unwanted requests to come through....!?!?! vous Linux - Software 0 03-26-2005 07:15 AM
Tomcat4 and Apache2 rlkiddjr Linux - Software 2 09-04-2003 12:13 PM
MOD_JK2 with TOMCAT4.1.24-Apache2 awedaylong Linux - Networking 2 07-29-2003 11:18 AM
Tomcat4 installation on RedHat 8.0? mikeshn Linux - Software 5 02-23-2003 10:15 PM
tomcat4 on OpenBSD neo77777 *BSD 1 06-19-2002 02:08 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 02:43 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration