Mark,
Am 05.07.2018 10:31, schrieb André Warnier:
Hi.
I have not looked through all of your configuration lines, but I
believe that the problem is first of all this line :
On 05.07.2018 09:18, Sandels Mark (RTH) OUH wrote:
DocumentRoot "C:\Program Files (x86)\apache-tomcat-9.0.6\webapps"
+1
That's most certainly the reason. You can browse down to WEB-INF and see
web.xml or any file with credentials... Even worse if you enable
indexes!
Make yourself familiar how to configure Apache httpd and be aware that
any config in the main httpd-file is for the whole server! Put all
config into your own virtualhost not the default. You can severly mess
up the security of your tomcat webapp if you don't understand httpd.
httpd hardening adds just one more complexity.
Do you really need httpd fronting tomcat? Tomcat provides pretty much
everything you need...
Best regards
Peter
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org