Try looking at your webapps, web.xml's security-constraint. That way you can take the protection away from Apache and allow Tomcat to handle that.
Kind Regards Schalk Neethling Web Developer.Designer.Programmer.President Volume4.Development.Multimedia.Branding emotionalize.conceptualize.visualize.realize Tel: +27125468436 Fax: +27125468436 email:[EMAIL PROTECTED] web: www.volume4.com This message contains information that is considered to be sensitive or confidential and may not be forwarded or disclosed to any other party without the permission of the sender. If you received this message in error, please notify me immediately so that I can correct and delete the original email. Thank you. :: -----Original Message----- :: From: Dean Searle [mailto:[EMAIL PROTECTED] :: Sent: Thursday, March 25, 2004 11:45 PM :: To: Tomcat Users List :: Subject: Securing a folder :: :: Hello Everyone, :: :: Not to sure how to phrase this but here I go anyways. I am attempting to secure a :: folder that is located within my application. This folder contains pdf's that only need :: to be accessible by tomcat, the site requires a password to enter. At first if I did :: www.domain.com/pdfs/somefile.pdf it would open up somefile.pdf. So I tried this in :: my http.conf file for the website: :: :: <Location "/pdfs"> :: order deny,allow :: deny from all :: allow from 127.0.0.1 :: </Location> :: :: But now tomcat cannot even retrieve the pdf's. Am I doing this right. Could you :: please point me to some doc's that might explain this more. :: :: Not sure if this helps or not: :: :: Windows 2000 Server SP4 :: Tomcat 4.1.24 LE :: Apache 2.0.46 :: JDK 1.4.1_02 :: :: Thank you for time :: :: Dean --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]