Landaluze Produktions IS - Carlos wrote:
> i have make virtual domains in my linux, but in each virtual domain i can
> see (with the browser) the WEB-INF and the WEB-INF/classes directory and
> theris files.
> How can i make no readable (no read) these directories?
> thaks and excuse my english
>
Are you using the standard tomcat-apache.conf configuration file that is set up
for you? If so, it has appropriate coding to prevent this. For example, a
typical entry for a web app would look like this (with $TOMCAT_HOME expanded to
wherever you installed Tomcat):
Alias /examples "/$TOMCAT_HOME/webapps/examples"
<Directory "$TOMCAT_HOME/webapps/examples">
Options Indexes FollowSymLinks
</Directory>
ApJServMount /examples/servlet /examples
<Location "/examples/WEB-INF/">
AllowOverride None
deny from all
</Location>
<Location "/examples/META-INF/">
AllowOverride None
deny from all
</Location>
It is the <Location> directives that tell Apache not to make these directories
visible.
When using Tomcat stand-alone, you don't have to do anything to prevent access
to these directories -- they are protected by code internal to Tomcat.
Craig McClanahan
