Adrián Córdoba wrote:
...
JkMount /Andromeda/* worker1
<Directory "/opt/apache-tomcat-7.0.12/webapps/Andromeda">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
---------------------------------------------------------
...
Maybe I have a configuration mistake.
Yes, a big one above.
Whether it is the cause of your problem, I am not quite sure yet (but it could be).
It is bad anyway, because you are allowing Apache users, potentially, to bypass Tomcat and
to access the Tomcat application directory directly.
So, again potentially, if a user manages to access the directory
"/opt/apache-tomcat-7.0.12/webapps/Andromeda" through Apache and without going through
Tomcat, then anything that you did in Tomcat to protect access to that directory is useless.
And that is probably the case here:
Say a user enters the URL "http://ASIA/Andromeda" in his browser, and the browser requests
that URL. What happens?
Apache will compare that URL (the part after the host) with the JkMount instruction.
The request URL is "/Andromeda", which is compared to the URL in the JkMount "/Andromeda/*".
It does not match, since the request URL is missing the trailing "/" of the expression in
the JkMount.
So Apache does not forward this request to Tomcat, but handles it itself.
After a few more steps in Apache, finally Apache comes to this directory
"/opt/apache-tomcat-7.0.12/webapps/Andromeda", and looks for a document to serve.
Since no document is specified in the URL, Apache will use the one specified in the
relevant "DirectoryIndex" directive. That may be, for instance, "index.html" or similar.
And it will serve it according to its own permissions settings, which here are:
> Allow from all
(so anyone can get anything, without access control)
It is a bit difficult, not knowing the exact content of your pages, to figure out what the
full consequences may be, but maybe it gives you a clue already.
In other words,
1) remove the section
<Directory "/opt/apache-tomcat-7.0.12/webapps/Andromeda">
from the Apache configuration. It has nothing to do there, because you want Apache to
forward these URLs to Tomcat anyway.
And it is a security risk (particularly on Windows, but even here).
2) add the following JkMount:
JkMount /Andromeda worker1
(so that a request for "http://ASIA/Andromeda" will be *also* forwarded to Tomcat.)
Then try again, and come back here if you still have a problem.
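Added example, not part of the original message or of any Apache/Tomcat tooling: a small Python audit that applies the two points made in the reply to the quoted configuration. It assumes a simplified model of mod_jk matching (plain shell-style wildcards against the whole URI); the function names and the "/webapps/" path marker are hypothetical choices for illustration.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample: the directives quoted in the thread.
SAMPLE_CONF = '''
JkMount /Andromeda/* worker1
<Directory "/opt/apache-tomcat-7.0.12/webapps/Andromeda">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
'''

# Constructed sample: the same fragment after applying steps 1) and 2).
FIXED_CONF = '''
JkMount /Andromeda/* worker1
JkMount /Andromeda worker1
'''

def jk_mounts(conf):
    """Return the URI patterns of all JkMount directives."""
    return re.findall(r'^\s*JkMount\s+(\S+)\s+\S+', conf, re.M | re.I)

def forwarded(uri, mounts):
    """Simplified model: a URI goes to Tomcat if any pattern matches it."""
    return any(fnmatchcase(uri, m) for m in mounts)

def audit(conf, webapps_marker="/webapps/"):
    """List the two problems described in the reply, if present."""
    findings = []
    mounts = jk_mounts(conf)
    # "/ctx/*" alone does not match a request for "/ctx".
    for m in mounts:
        root = m[:-2] if m.endswith("/*") else ""
        if root and not forwarded(root, mounts):
            findings.append(f"{root}: no JkMount matches, Apache handles it")
    # A <Directory> on a Tomcat application directory, open to everyone.
    blocks = re.findall(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>',
                        conf, re.S | re.I)
    for path, body in blocks:
        if webapps_marker in path and re.search(
                r'^\s*Allow\s+from\s+all', body, re.M | re.I):
            findings.append(f"{path}: served by Apache with 'Allow from all'")
    return findings

if __name__ == "__main__":
    for label, conf in (("original", SAMPLE_CONF), ("fixed", FIXED_CONF)):
        print(label, audit(conf) or "no findings")
```
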