>-----Original Message----- >From: André Warnier [mailto:a...@ice-sa.com] >Sent: Friday, November 30, 2012 12:23 AM >To: Tomcat Users List >Subject: Re: Context Path for a subdirectory >>>>> >>>>> On 11/29/2012 11:41 AM, Leo Donahue - RDSA IT wrote: >>>>>> Reading the docs: >>>>>> http://tomcat.apache.org/tomcat-7.0-doc/config/context.html >>>>>> >>>>>> "..The web application used to process each HTTP request is >>>>>> selected by >>>>> Catalina based on matching the longest possible prefix of the >>>>> Request URI against the context path of each defined Context." >>>>>> If I have a webapp, with a www directory, and in that www >>>>>> directory are >>>>> other directories, how would I restrict access to one of those >>>>> subdirectories to the localhost? >>>>>> webapps >>>>>> webapp1 >>>>>> -WEB-INF >>>>>> -classes >>>>>> -lib >>>>>> -www >>>>>> -directory1 >>>>>> -directory2 >>>>>> >>>>>> Is the context path of directory1: /webapp1/directory1 >>>>>> >>>>>> Would I create a context named directory1.xml such as the following? >>>>>> >>>>>> <?xml version="1.0" encoding="UTF-8"?> <Context >>>>>> antiResourceLocking="false" privileged="true" >>>>>> path="/webapp1/directory1"> >>>>>> >>>>>> <Valve className="org.apache.catalina.valves.RemoteAddrValve" >>>>>> allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> >>>>>> </Context> >>>>>> >>> >>> Of course you'll still have to map the filter to the correct context >>> for directory1 in >>> >>> webapps >>> webapp1 >>> -WEB-INF >>> -classes >>> -lib >>> -www >>> -directory1 >>> -directory2 >>> >>> >>> <filter-mapping> >>> <filter-name>Remote Address Filter</filter-name> >>> <url-pattern>(??????)</url-pattern> >>> </filter-mapping> >>> >>> and (??????) is .... ? >>> >>> ;-) >>> >> >> Sadly, it's advertised in the help section. >> >> http://planning.maricopa.gov/sdk/rest/gettingstarted.html scroll to bottom >> of the page. >> >> I could surgery out bullet #7 I suppose, but I'm counting on the filter to >> work. >> >> >Ah well, that is what the user enters, which does not necessarily match the >layout of your application. >But did I misunderstand, or did you want to have the IP filter apply only to >the subdirectory in question ?
Yes, I wanted the IP filter to apply only to http://planning.maricopa.gov/rest/admin I was confused in thinking that if I used a url-pattern, in a context file, of /rest/admin that it would restrict access to just admin - based on the longest matching prefix - but it restricted access to all of /rest >My "trick question" was about how you would specify the url-pattern so that it >applies only to: >(webapps)/webapp1/www/directory1 >(and not to >(webapps)/webapp1/www/directory2 for instance). > Using the Container provided Remote Address Filter was a good reason to upgrade to Tomcat 7.0.33 from 6.0.35. If I can tag another question on the end of this thread: The Remote Address Filter has an option to set the denyStatus from 403 to 404, or whatever. In general, I'm guessing it's better to respond that a restricted resource is not found, rather than respond that is it there but forbidden? --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
