No Ipod here, but since even the master started top-posting..
You can also use something like
SetEnvIf REQUEST_URI "\.(htm|web|css|gif|jpg|js|html?)$" no-jk
Ooops, no, that's the opposite effect.
Might still be useful though.
See the end of this page for a whole bag of tricks like that :
http://tomcat.apache.org/connectors-doc/reference/apache.html
Christopher Schultz wrote:
Sorry for the top post; iphone iant the best email client in the world.
Try:
<Location "/*.jsp">
Deny from all
</Location>
When configuring Apache httpd in front of Tomcat, you should set up lots
of these types of rules to protect your (jsp) sources, WEB-INF,
META-INF, etc.
-chris
On Dec 16, 2008, at 12:53, "Payne, George \(ghp5h\)"
<gh...@eservices.virginia.edu> wrote:
This is a problem I've seen reported on very old versions of mod_jk,
but it
seems (apparently) to have a new life in 1.2.27 and possibly other recent
versions.
If a user puts a double slash (http://mysite.com//myapp/myjsp.jsp)
instead
of a single slash in a url, apache does not recognize it as part of a
normal
pattern (eg JkMount /myapp/*.jsp) to be forwarded to tomcat and
displays it
as html/text instead of as a jsp, revealing the source.
My system:
Httpd: Apache 2.0.46
Jk: 1.2.27 (from binary posted on
http://apache.mirrors.timporter.net/tomcat/tomcat-connectors/jk/binaries/lin
ux/jk-1.2.27/i386/mod_jk-1.2.27-httpd-2.0.61.so)
Tomcat: 5.5.27
I'd be happy to hear someone say I misconfigured something, but I'm
not sure
what I could misconfigure to make this happen.
I've worked around by doing things like
JkMount /*.jsp ajp13
JkMount /*.do ajp13
Etc, but this is not a good solution.
George Payne
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
