Karr, David wrote:
The alternative is to put all JSP pages into a security constraint on a role that no user is set to.
Or you could put all JSP pages into a directory that is protected by a filter which both logs the access attempt (including all relevant data such as IP address, params, etc) and then redirects the user to an error page warning them that they have been logged.
You can get quite sophisticated with this, for instance if you run behind apache, you can have repeat offenders (spiders, etc) written to a .htaccess list to reject their HTTP requests outright, etc.
Erik
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
