-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marx,
Marx wrote: > One more information, everything works ok if I use directive <Location>, > bu I want to be more secure and I want to use <Directory> > Marx This isn't going to work for you. You can't rely on Apache httpd's <directory> protections to protect directories what Tomcat is reading. Since Tomcat is intercepting the request, Apache httpd cannot check the directory where the JSP is being loaded from, etc. You have two choices: either use <Location> from within Apache httpd, or implement cert-based authorization in Tomcat for those URLs you want to protect. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFXHFV9CaO5/Lv0PARAjLjAKCgELL7a5MzcxIcoxHkkjoVeFFvYACeIucI kQHIxRKArAMnMzE4jVYnWNw= =+05X -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
