How to limit access to a path in Tomcat?

Laura Heinzmann · Feb 10, 2005

Hi:

Currently a tomcat installation I have shows content that I do not wish
to have available to external users.

i.e. www.a.com/WEB-INF/ROOT/classes/files

Is there a way I can prevent users seeing the above?

Thank you for helping me out

LH

Aquila Deus · Feb 10, 2005

Laura said:
Hi:

Currently a tomcat installation I have shows content that I do not wish
to have available to external users.

i.e. www.a.com/WEB-INF/ROOT/classes/files

Is there a way I can prevent users seeing the above?

Read about <security-constraint> in web.xml

BTW I'm wondering why there isn't an official servlet like
FileNotAvailableServlet so that I can map forbidden path to it?

Symon · Feb 10, 2005

If you use Tomcat with Apache as webserver. You can add that to your
httpd.cond file :

<Location "/WEB-INF/ROOT/classes/files">
AllowOverride None
deny from all
</Location>

Symon

Tor Iver Wilhelmsen · Feb 10, 2005

Laura Heinzmann said:
i.e. www.a.com/WEB-INF/ROOT/classes/files

Unless you do something wrong, nothing in a web app's WEB-INF
directory should ever be visible to a user. Try checking where you
have put the actual web-app.

How to try a range of hex values in C# code ?	0	Nov 19, 2022
path problem in tomcat	4	Jun 27, 2006
how to limit access to source code...	2	Feb 11, 2005
calling a servlet in tomcat	3	Nov 20, 2008
aspnet_isapi.dll security limit access to folders	0	Nov 11, 2006
Java/TomCat How to Configure a Servlet contextPath	9	Oct 31, 2008
AXIS Tomcat compatibility problem	1	Aug 9, 2006
How to delete an application from Tomcat?	7	Sep 22, 2005

How to limit access to a path in Tomcat?

Laura Heinzmann

Aquila Deus

Symon

Tor Iver Wilhelmsen

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads