Thanks. I might try that. One more question: How can I change the default page, i.e., the one that displays when I just enter a path, from index.html to something else?
Thanks again, Michael > -----Original Message----- > From: Larry Isaacs [mailto:[EMAIL PROTECTED] > Sent: Thursday, October 23, 2003 3:59 PM > To: Tomcat Users List > Subject: RE: TC 3.3.1: How to disable static access to > *certain* directories? > > > The feature of arbitrarily not serving content in the > webapp is one that is not in high demand and isn't > currently supported, other than removing the > StaticInterceptor, as you have done. > > I haven't tried the following, but you might try for > each static page you want to serve: > > 1) Make a copy of the static page and rename it to > end with ".jsp". > > 2) In the web.xml, add a servlet declaration for that > JSP and add a servlet mapping that maps it to the > old static file's name. > > Then remove the StaticInterceptor from the webapp. > This way, only the static files you "map" get served. > Note, this assumes all the static files you want to > serve are HTML. > > HTH. > > Larry > > > > -----Original Message----- > > From: Lemke, Michael IZ/HZA-IE5 [mailto:[EMAIL PROTECTED] > > Sent: Thursday, October 23, 2003 9:28 AM > > To: 'Tomcat Users List' > > Subject: RE: TC 3.3.1: How to disable static access to > > *certain* directories? > > > > > > > -----Original Message----- > > > From: Larry Isaacs [mailto:[EMAIL PROTECTED] > > > Sent: Thursday, October 23, 2003 3:07 PM > > > To: Tomcat Users List > > > Subject: RE: TC 3.3.1: How to disable static access to > > > *certain* directories? > > > > > > > > > > > > > -----Original Message----- > > > > From: Lemke, Michael IZ/HZA-IE5 [mailto:[EMAIL PROTECTED] > > > > Sent: Thursday, October 23, 2003 8:04 AM > > > > To: '[EMAIL PROTECTED]' > > > > Subject: TC 3.3.1: How to disable static access to *certain* > > > > directories? > > > > > > > > > > > > I want to serve a few static pages with standalone tomcat > > > > 3.3.1 (no apache etc). > > > > I got that to work (<StaticInterceptor listings="false" />). > > > > However, > > > > it is still possible to access pages in other contexts if I > > > > know the path: > > > > > > > > http://host.dom:4711/otherapplication/someknownpath/file.html > > > > > > > > But if I try > > > > > > > > http://host.dom:4711/otherapplication/WEB-INF/web.xml > > > > > > > > I get a 403 Forbidden. How can I make tomcat to return 403 > > > (or 404) for > > > > the first path as well? I just couldn't find anything > in the docs > > > > or google. > > > > > > You could delete file.html. That would result in a 404 > > > error. > > > > Not good enough. There's stuff I can't take out. > > > > >If this > > > isn't feasible, you need to explain why, so options as to how > > > to "hide" it > > > can be determined. > > > > Well, I simply don't want to serve anything that I don't need. > > For the main application I don't need any static pages so I can > > do without StaticInterceptor (done that). I don't want any files > > to be available that might be placed there by mistake or > otherwise. > > Only the few pages under the `static' path should be accessible. > > Simple security concerns - don't open more than what is necessary. > > > > Michael > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
