Any information about using mod_jk? Where to download the bin mod_jk for tomcat 4.1.29 and apache 2.0.48? But I wonder why it will have such bug.
Bill Barker wrote: > > "unplug" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > As you can see, the jsp only contains a line of code <%= new > > java.util.Date() %>. I haven't set the content type in the jsp and it > > can be run at http://company.com/examples/test.jsp. However source code > > exposure at http://company.com//examples/test.jsp. I wonder why the "/" > > will cause source code exposure. Is it a bug or configuration missing > > of tomcat? Anyone can help to stop source code exposure. > > > > >From a quick glance at the code, it looks like it is a bug. Use mod_jk > instead of mod_jk2. mod_jk doesn't have this problem. > > > Thanks, > > unplug > > > > jerome moliere wrote: > > > > > > unplug wrote: > > > > > > >HI all, > > > > > > > > I am using Fedora Core 1 with tomcat 4.1.29, apache 2.0.48 and > > > >mod_jk2. I have created a simple jsp (code listed below) and put it > > > >under $CATALINA_HOME/webapps/examples. > > > > > > > >code: > > > >file name: test.jsp > > > ><%= new java.util.Date() %> > > > > > > > > It can be accessed in the browser using the following link > > > >http://company.com/examples/test.jsp > > > > > > > > However, its source code will be exposed when I type the following. > > > >http://company.com//examples/test.jsp > > > > > > > > How can I configure it to prevent such exposure? Anyone can give me > > > >an advise. > > > > > > > > > > > I guess taht your JSP doesn't specify the content for the response so > the browser > > doesn't layout the HTML but show the code source instead... > > > So try to fix the content type in your response to text/html > > > HTH > > > Jerome > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
