Wouldn't this be a security risk??

2002-08-28 Thread Chad Kellerman

Hello everyone,

I have been running tomcat for a while and just started to notice a
few things.  First, let me say I have it configured on a linux server
with mod_webapp, with Tomcat version 4.0.3.

Let's say I have a war file application called hello.war that I call
like so:

http://mydomain.com/webapps/hello/

But if I call it this way:

http://mydomain.com/webapps/hello.war 
   
it forces a download.  I realize this is not the proper way to call
it but if someone did call it this way..
I believe I can stop this through Apache but I am not quite too
sure.  

Does anyone else notice this or have a fix for it???
 
Thanks,

Chad

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]




Re: Wouldn't this be a security risk??

2002-08-28 Thread Tim Funk

Have apache deny the request. Very simple change to httpd.conf.

For example:

# No one in my WEB-INF directory
# (<Location> is a URL-prefix match, so this only covers paths that start
#  with /WEB-INF/; AllowOverride is only valid inside <Directory> and would
#  make httpd refuse to start here, so it has been left out)
<Location /WEB-INF/>
   deny from all
</Location>

# No one look at my properties files
# ("Files ~" takes a regular expression, not a shell glob, so the pattern
#  is "\.properties$" rather than "*.properties")
<Files ~ "\.properties$">
   Order allow,deny
   Deny from all
   Satisfy All
</Files>

# No one look at my website app config
# OK - This is redundant since it's in WEB-INF
<Files ~ "web\.xml$">
   Order allow,deny
   Deny from all
   Satisfy All
</Files>


-Tim

Chad Kellerman wrote:
 Hello everyone,
 
 I have been running tomcat for a while and just started to notice a
 few things.  First, let me say I have it configured on a linux server
 with mod_webapp, with Tomcat version 4.0.3.
 
 Let's say I have a war file application called hello.war that I call
 like so:
 
 http://mydomain.com/webapps/hello/
 
 But if I call it this way:
 
 http://mydomain.com/webapps/hello.war 

 it forces a download.  I realize this is not the proper way to call
 it but if someone did call it this way..
 I believe I can stop this through Apache but I am not quite too
 sure.  
 
 Does anyone else notice this or have a fix for it???
  
 Thanks,
 
 Chad
 


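Tim's snippet blocks WEB-INF, .properties and web.xml, but not the thing Chad actually hit: Apache handing out the .war archive itself. The fragment below is an added example for this thread, not Tim's or Chad's configuration, and it assumes Apache 2.0/2.2 directive syntax (the era of Tomcat 4 and mod_webapp) and that the Tomcat webapps directory is reachable under /webapps/ in Apache's URL space. Unlike Tim's <Location>, it uses <LocationMatch> so that WEB-INF and META-INF are denied inside every deployed application, not only at the site root.

```apache
# Added example (not from the thread): deny the archive and the sensitive
# paths inside every deployed webapp.  Apache 2.0/2.2 syntax.

# The .war archive must never be downloadable: it contains the entire
# application, including WEB-INF/web.xml, classes and any bundled
# credentials.  Chad's http://mydomain.com/webapps/hello.war request
# is answered with 403 instead of a file download.
<FilesMatch "\.war$">
    Order allow,deny
    Deny from all
</FilesMatch>

# WEB-INF and META-INF for any webapp at any depth.  <LocationMatch>
# takes a regex, so /webapps/hello/WEB-INF/web.xml is covered as well
# as /WEB-INF/ at the root.
<LocationMatch "/(WEB-INF|META-INF)/">
    Order allow,deny
    Deny from all
</LocationMatch>

# Properties files and web.xml wherever they sit on disk.  "FilesMatch"
# takes a regex: "\.properties$", not the glob "*.properties".
<FilesMatch "(\.properties|web\.xml)$">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>

# Apache 2.4 equivalent of "Order allow,deny / Deny from all" in each
# block above is the single directive:
#     Require all denied
```

Two caveats worth checking after adding this: run `apachectl configtest` before restarting, since a directive in the wrong context (for example AllowOverride inside <Location>) stops httpd from starting; and remember these rules only apply to requests that pass through Apache. If Tomcat's own HTTP connector (port 8080 in a default Tomcat 4 install) is reachable from outside, bind it to 127.0.0.1 or firewall it, otherwise the Apache deny rules are simply bypassed.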