Thanks Justin. I really prefer to use ACLs in the repository for that. I now read that the script resolver is using the admin user as a default to read in the scripts. So it was possible for me to remove access for anonymous.
However if I login as a normal user, I still get access. I can of course restrict this user as well but wonder if there is a smarter way. What's the best way to remove the rights for all users except the admin user? Regards, Markus On Thu, Jan 6, 2011 at 10:38 PM, Justin Edelson <[email protected]> wrote: > On 1/6/11 4:30 PM, Markus Joschko wrote: >> Hi, >> I noticed that I can easily GET the esp/jsp files below my apps directory. >> >> How can they be secured so that nobody can easily fetch them? > > You could obviously do this an ACL (the script resolver can be > configured to use a specific user to read scripts if you configured the > repository such that end users couldn't read the script files). > > The other, IMHO easier, option is to do this is Apache configuration and > use mod_proxy. > > Justin > >> >> Thanks, >> Markus > >
