Re: Securing a folder
If you are using JK to connect Apache and Tomcat, you can specify JkMounts which should cause Apache to forward the request to tomcat to handle. For example: VirtualHost 192.168.1.10:80 ServerName www.domain.com ServerAdmin [EMAIL PROTECTED] DocumentRoot /var/www/www.beanpix.com ErrorLog /var/log/httpd/www.domain.com/error_log CustomLog /var/log/httpd/www.domain.com/access_log combined JkMount /pdfs/* worker JkMount /*.jsp worker /VirtualHost should cause any URL with the pattern /pdfs/* and *.jsp to be processed by tomcat. Whether you do this in the main section of the httpd.conf or for a virtual host only is up to you and your configuration. Also consider not having the location of the pdf's within the Apache web root, but instead only accessible by Tomcat... You can then enforce security using a filter, or using some other method. Hope that helps John Sidney-Woollett Dean Searle said: Hello Everyone, Not to sure how to phrase this but here I go anyways. I am attempting to secure a folder that is located within my application. This folder contains pdf's that only need to be accessible by tomcat, the site requires a password to enter. At first if I did www.domain.com/pdfs/somefile.pdf it would open up somefile.pdf. So I tried this in my http.conf file for the website: Location /pdfs order deny,allow deny from all allow from 127.0.0.1 /Location But now tomcat cannot even retrieve the pdf's. Am I doing this right. Could you please point me to some doc's that might explain this more. Not sure if this helps or not: Windows 2000 Server SP4 Tomcat 4.1.24 LE Apache 2.0.46 JDK 1.4.1_02 Thank you for time Dean - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Securing a folder
Hello Everyone, Not to sure how to phrase this but here I go anyways. I am attempting to secure a folder that is located within my application. This folder contains pdf's that only need to be accessible by tomcat, the site requires a password to enter. At first if I did www.domain.com/pdfs/somefile.pdf it would open up somefile.pdf. So I tried this in my http.conf file for the website: Location /pdfs order deny,allow deny from all allow from 127.0.0.1 /Location But now tomcat cannot even retrieve the pdf's. Am I doing this right. Could you please point me to some doc's that might explain this more. Not sure if this helps or not: Windows 2000 Server SP4 Tomcat 4.1.24 LE Apache 2.0.46 JDK 1.4.1_02 Thank you for time Dean - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Securing a folder
Try looking at your webapps, web.xml's security-constraint. That way you can take the protection away from Apache and allow Tomcat to handle that. Kind Regards Schalk Neethling Web Developer.Designer.Programmer.President Volume4.Development.Multimedia.Branding emotionalize.conceptualize.visualize.realize Tel: +27125468436 Fax: +27125468436 email:[EMAIL PROTECTED] web: www.volume4.com This message contains information that is considered to be sensitive or confidential and may not be forwarded or disclosed to any other party without the permission of the sender. If you received this message in error, please notify me immediately so that I can correct and delete the original email. Thank you. :: -Original Message- :: From: Dean Searle [mailto:[EMAIL PROTECTED] :: Sent: Thursday, March 25, 2004 11:45 PM :: To: Tomcat Users List :: Subject: Securing a folder :: :: Hello Everyone, :: :: Not to sure how to phrase this but here I go anyways. I am attempting to secure a :: folder that is located within my application. This folder contains pdf's that only need :: to be accessible by tomcat, the site requires a password to enter. At first if I did :: www.domain.com/pdfs/somefile.pdf it would open up somefile.pdf. So I tried this in :: my http.conf file for the website: :: :: Location /pdfs :: order deny,allow :: deny from all :: allow from 127.0.0.1 :: /Location :: :: But now tomcat cannot even retrieve the pdf's. Am I doing this right. Could you :: please point me to some doc's that might explain this more. :: :: Not sure if this helps or not: :: :: Windows 2000 Server SP4 :: Tomcat 4.1.24 LE :: Apache 2.0.46 :: JDK 1.4.1_02 :: :: Thank you for time :: :: Dean - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]