On Tue, 5 Nov 2002, Marc Mendez wrote:
> Date: Tue, 5 Nov 2002 18:13:08 +0100 > From: Marc Mendez <[EMAIL PROTECTED]> > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > To: Tomcat Users List <[EMAIL PROTECTED]> > Subject: Re: Standalone Tomcat : suppress directory listing in web.xml > > > Stick a file called "index.html" in the directory where you want listings > > suppressed. > > It may work. But imagine the following directory structure > > Dir A contains Dir B, which contains Dir C > put a file index.htm in "Dir A" > Ok, but, if a "malicious" user knows the structure, he can easily access to > Dir B, by giving the full path ! Even more, if he knows the name of a file, > he can download it ! > You can suppress directory indexes in the $CATALINA_HOME/conf/web.xml file. See the "listings" init parameter for the "default" servlet. > > > > Write a Filter to intercept all requests and look for a filename in the > > request...open-ended requests like "/" or "/myapp/" would be intercepted > and > > redirected. > > Just a question about filter. "They are preprocessors of the request before > it reaches a servlet" > So, if I write > > http://localhost:8080/myapp/servlet/myapp?Agent=myagent > > which is a request, the filter should run. > > but if I write > > http://localhost:8080/myapp > > or anything without "servlet/myapp" ... it's not a request to my servlet, > but just to Tomcat. I suppose it does not run ? Right ou false ? You have complete control over which requests your filter applies to, because you are defining a <filter-mapping> for it. In particular, if you use a URL pattern of "/*" in your filter mapping, then *all* requests for your webapp will go through the filter. Of course, you have the same degree of control over the URLs that select your servlet, by using <servlet-mapping> elements -- there's no requirement that "/servlet/*" be used. > > > > > Make sure you have a welcome file list setup in your web.xml. > > > > Yes, it set > > Thanks Craig -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
