Here is the redirect that I use in my virtualhost entry in apache: RedirectMatch (.*?)\s+$ http://www.SITENAMEHERE.org$1 Nicely stops the problem of people adding spaces to their url's. (or any other whitespace for that matter) --Angus
> -----Original Message----- > From: Angus Mezick > Sent: Wednesday, August 13, 2003 1:56 PM > To: Tomcat Users List > Subject: RE: security hole on windows Apache -> Tomcat? > > > Not at the current late stage of development we are currently in. I > know, it bites. I am going to try a trick with RedirectMatch. Maybe > just redirect them into limbo, I don't know. > > > -----Original Message----- > > From: Ralph Einfeldt [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, August 13, 2003 11:45 AM > > To: Tomcat Users List > > Subject: RE: security hole on windows Apache -> Tomcat? > > > > > > Can you arrange your file layout in a way, that the jsp's aren't > > under the document root for apache ? (I guess they are, otherwise > > apache couldn't show them) > > > > > > > -----Original Message----- > > > From: Angus Mezick [mailto:[EMAIL PROTECTED] > > > Sent: Wednesday, August 13, 2003 5:34 PM > > > To: Tomcat Users List > > > Subject: RE: security hole on windows Apache -> Tomcat? > > > > > > > > > I ONLY see the problem in apache. So I think it is a > > config problem. > > > Will the jk2 URI : > > > [uri:www.SITENAME.org/*.jsp] catch > www.SITENAME.org/index.jsp%20 ? > > > When I turn on the > accessvalve tomcat doesn't see this request. > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
