Apache & Tomcat & access restrictions to directories according IPs

Fri, 18 Oct 2002 03:35:20 -0700 

Hi all!!!
There's something that I don't understand in the tomcat configuration
I am using Apache 1.3.9 and Tomcat 3.2
I used some <Directory> access directive in Apache to restrict the access to
some directories of my website.
 
<Directory "/home/html/tomcat/jsp/myprivate">
    Options Indexes MultiViews ExecCGI Includes FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 215.145.12.60
</Directory>
 
Normally, I shouldn't be able to go to my website : 
http://www.mysite.com/tomcat/jsp/myprivate/index.jsp
<http://www.mysite.com/tomcat/jsp/myprivate/index.jsp> 
from any other host than the 215.145.12.60
 
However I can!
and I am sure that the access directive work because when I use them with
html directories that are outside Tomcat, they can't be accessed like 
 
<Directory "/home/html/anotherprivate">
    Options Indexes MultiViews ExecCGI Includes FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 215.145.12.60
</Directory>
 
http://www.mysite.com/anotherprivate/index.jsp
<http://www.mysite.com/anotherprivate/index.jsp> 
 
 
-Aur

Ce message et toutes les pi�ces jointes (ci-apr�s le "message") sont
confidentiels et �tablis � l'intention exclusive de ses destinataires.
Toute divulgation, utilisation, diffusion ou reproduction 
(totale ou partielle) de ce message, ou des informations qu'il contient, 
doit �tre pr�alablement autoris�e.
Toute utilisation ou diffusion non autoris�e est interdite. 
Tout message �lectronique est susceptible d'alt�ration. 
Aurel Leven  et ses filiales d�clinent toute responsabilit� au titre de ce message 
s'il a �t� alt�r�, d�form� ou falsifi�.

                                ********

This message and any attachments (the "message") are confidential and
intended solely for the addressees.Any disclosure, use, dissemination or copying 
(either whole 
or partial) of this e-mail, or any information it contains, has to be approved 
beforehand.
Any unauthorised use or dissemination is prohibited.
E-mails are susceptible to alteration.   
Neither Aurel Leven nor any of its subsidiaries or affiliates shall be liable for the 
message if altered, changed or falsified. 



--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>

Reply via email to