RE: Apache-like Deny/Allow directives
Welcome ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 18 July 2005 16:57 To: tomcat-user@jakarta.apache.org Subject: TR: Apache-like Deny/Allow directives It seems that the Location directive is the right one to use. I've been using the Directory directive and it didn't block the dynamic content. Now that I've added the Location directive, it works and more, it adds a supplemental security barrier. Thanks a lot for your ideas, it really helped Luc Boudreau Université du Québec Canada -Message d'origine- De : Raghupathy,Gurumoorthy [mailto:[EMAIL PROTECTED] Envoyé : 18 juillet 2005 10:02 À : 'Tomcat Users List' Objet : RE: Apache-like Deny/Allow directives Cant you use Order Deny,Allow Deny from all Allow from .company.com Regards Guru -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 18 July 2005 14:30 To: tomcat-user@jakarta.apache.org Subject: Re: Apache-like Deny/Allow directives The "deny" directives in the httpd.conf are not respected when it comes to pages ending with either of the .jsp or .do extensions, and are therefore relayed to Tomcat which then gives the response to the browser. The Deny directives are not respected for these requests. But I know that Apache still respects those directives, because all I can access from outside of my .company.com domain is the plain html, without any images or any style sheet. This behavior is confirmed by the Apache access.log and error.log Finaly, to answer your question, my problem is not that I can't restrict access to areas, it is that my restrictions defined in httpd.conf are not respected when it comes to dynamic content. Luc Boudreau Université du Québec Canada -Message d'origine- De : Justin Crabtree [mailto:[EMAIL PROTECTED] Envoyé : 15 juillet 2005 10:02 À : Tomcat Users List Objet : Re: Apache-like Deny/Allow directives [EMAIL PROTECTED] wrote: > Is there any way, with Tomcat, to block connections from domains and allow only certain ones, just like the Apache directive : > > Order Deny,Allow > Deny from all > Allow from .company.com > > I've setup my Apache server to do this, but since all the dynamic content is relayed to tomcat (jsp's), it is still accessible to the internet. > > Luc Boudreau > Université du Québec > Canada Is there a reason you can't use Apache directives on the areas you wish to restrict? -- Justin Crabtree Java Programmer Ozarks Technical Community College 447-7533 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Apache-like Deny/Allow directives
Cant you use Order Deny,Allow Deny from all Allow from .company.com Regards Guru -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 18 July 2005 14:30 To: tomcat-user@jakarta.apache.org Subject: Re: Apache-like Deny/Allow directives The "deny" directives in the httpd.conf are not respected when it comes to pages ending with either of the .jsp or .do extensions, and are therefore relayed to Tomcat which then gives the response to the browser. The Deny directives are not respected for these requests. But I know that Apache still respects those directives, because all I can access from outside of my .company.com domain is the plain html, without any images or any style sheet. This behavior is confirmed by the Apache access.log and error.log Finaly, to answer your question, my problem is not that I can't restrict access to areas, it is that my restrictions defined in httpd.conf are not respected when it comes to dynamic content. Luc Boudreau Université du Québec Canada -Message d'origine- De : Justin Crabtree [mailto:[EMAIL PROTECTED] Envoyé : 15 juillet 2005 10:02 À : Tomcat Users List Objet : Re: Apache-like Deny/Allow directives [EMAIL PROTECTED] wrote: > Is there any way, with Tomcat, to block connections from domains and allow only certain ones, just like the Apache directive : > > Order Deny,Allow > Deny from all > Allow from .company.com > > I've setup my Apache server to do this, but since all the dynamic content is relayed to tomcat (jsp's), it is still accessible to the internet. > > Luc Boudreau > Université du Québec > Canada Is there a reason you can't use Apache directives on the areas you wish to restrict? -- Justin Crabtree Java Programmer Ozarks Technical Community College 447-7533 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache-like Deny/Allow directives
The "deny" directives in the httpd.conf are not respected when it comes to pages ending with either of the .jsp or .do extensions, and are therefore relayed to Tomcat which then gives the response to the browser. The Deny directives are not respected for these requests. But I know that Apache still respects those directives, because all I can access from outside of my .company.com domain is the plain html, without any images or any style sheet. This behavior is confirmed by the Apache access.log and error.log Finaly, to answer your question, my problem is not that I can't restrict access to areas, it is that my restrictions defined in httpd.conf are not respected when it comes to dynamic content. Luc Boudreau Université du Québec Canada -Message d'origine- De : Justin Crabtree [mailto:[EMAIL PROTECTED] Envoyé : 15 juillet 2005 10:02 À : Tomcat Users List Objet : Re: Apache-like Deny/Allow directives [EMAIL PROTECTED] wrote: > Is there any way, with Tomcat, to block connections from domains and allow > only certain ones, just like the Apache directive : > > Order Deny,Allow > Deny from all > Allow from .company.com > > I've setup my Apache server to do this, but since all the dynamic content is > relayed to tomcat (jsp's), it is still accessible to the internet. > > Luc Boudreau > Université du Québec > Canada Is there a reason you can't use Apache directives on the areas you wish to restrict? -- Justin Crabtree Java Programmer Ozarks Technical Community College 447-7533 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache-like Deny/Allow directives
[EMAIL PROTECTED] wrote: > Is there any way, with Tomcat, to block connections from domains and allow > only certain ones, just like the Apache directive : > > Order Deny,Allow > Deny from all > Allow from .company.com > > I've setup my Apache server to do this, but since all the dynamic content is > relayed to tomcat (jsp's), it is still accessible to the internet. > > Luc Boudreau > Université du Québec > Canada Is there a reason you can't use Apache directives on the areas you wish to restrict? -- Justin Crabtree Java Programmer Ozarks Technical Community College 447-7533 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]