Christopher Schultz wrote:
Mark,
Mark Thomas wrote:
| My best guess from
| the limited information is that you are using httpd and mod_jk and your
| configuration isn't secure.
Agreed. You should always lock-down Apache httpd by prohibiting access
to, say, "*.jsp" in your webapp directory /from httpd configuration/.
Tomcat will protect *.jsp and anything under /WEB-INF/ and /META-INF/
for you, but you can always use Apache http to avoid those protections.
Or better yet never, ever configure Tomcat and httpd to server content from
the same file system location. If you *really* know what you are doing you
can do it securely but most people get it wrong.
Mark
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
