I’m using Tomcat 8.5.20, trying to use the rewrite valve to rewrite a 
root-level URL (/foo) to a URL in my webapp (/mywebapp/bar).

I added the rewrite valve to my server.xml, and I put my rewrite.config in 

This all works great IF I create an empty “ROOT” directory in webapps. If I 
remove the ROOT directory, though, accessing /foo just gives me a 404.


  1.  Is this by design, or is this a bug? (If it’s by design, then some 
additional notes in the documentation would be helpful).
  2.  If in fact I do need to have the ROOT webapp, what security precautions 
should I take? Security guides such as 
https://www.owasp.org/index.php/Securing_tomcat recommend removing the ROOT 
webapp, but without providing reasons or rationale.

Thank you!
--Dan Rabe

Reply via email to