cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/request StaticInterceptor.java

Tue, 07 Nov 2000 17:36:20 -0800 

craigmcc    00/11/07 14:52:56

  Modified:    src/etc  Tag: tomcat_32 server.xml
               src/share/org/apache/tomcat/request Tag: tomcat_32
                        StaticInterceptor.java
  Log:
  Security related fix:  Support the ability to suppress the automatic generation
  of directory listings when there is no welcome file present.  If you change
  the value of the "suppress" property to "true", a 404 (not found) error will
  be returned instead.
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.29.2.8  +7 -2      jakarta-tomcat/src/etc/server.xml
  
  Index: server.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/etc/server.xml,v
  retrieving revision 1.29.2.7
  retrieving revision 1.29.2.8
  diff -u -r1.29.2.7 -r1.29.2.8
  --- server.xml        2000/11/07 22:15:26     1.29.2.7
  +++ server.xml        2000/11/07 22:52:38     1.29.2.8
  @@ -150,11 +150,16 @@
               className="org.apache.tomcat.request.InvokerInterceptor" 
               debug="0" prefix="/servlet/" />
   
  -        <!-- "default" handler - static files and dirs
  +        <!-- "default" handler - static files and dirs.  Set the
  +             "suppress" property to "true" to suppress directory listings
  +             when no welcome file is present.
  +
  +             NOTE:  This setting applies to *all* web applications that
  +             are running in this instance of Tomcat.
             -->
           <RequestInterceptor 
               className="org.apache.tomcat.request.StaticInterceptor" 
  -            debug="0" />
  +            debug="0" suppress="false" />
   
           <!-- Plug a session manager. You can plug in more advanced session
                modules.
  
  
  
  No                   revision
  
  
  No                   revision
  
  
  1.7.2.4   +15 -0     
jakarta-tomcat/src/share/org/apache/tomcat/request/StaticInterceptor.java
  
  Index: StaticInterceptor.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/StaticInterceptor.java,v
  retrieving revision 1.7.2.3
  retrieving revision 1.7.2.4
  diff -u -r1.7.2.3 -r1.7.2.4
  --- StaticInterceptor.java    2000/10/11 00:24:45     1.7.2.3
  +++ StaticInterceptor.java    2000/11/07 22:52:52     1.7.2.4
  @@ -131,6 +131,19 @@
                                : NO_LOCALIZATION;
       }
   
  +    /**
  +     * The "suppress directory listings" flag.
  +     */
  +    private boolean suppress = false;
  +
  +    public boolean getSuppress() {
  +        return (this.suppress);
  +    }
  +
  +    public void setSuppress(boolean suppress) {
  +        this.suppress = suppress;
  +    }
  +
       public void engineInit(ContextManager cm) throws TomcatException {
        super.engineInit( cm );
        
  @@ -212,6 +225,8 @@
   
        // Doesn't matter if we are or not in include
        if( welcomeFile == null  ) {
  +         if (suppress)
  +                return 404;  // Not found
            // normal dir, no welcome. 
            req.setWrapper( ctx.getServletByName( "tomcat.dirHandler"));
            if( debug > 0) log( "Dir handler");
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to