Christopher Schultz wrote:
Philip,
Philip Wigg wrote:
| are there any reasons why Apache and Tomcat cannot share the same web
| root folder, presuming that I exclude access to WEB-INF?
Nope, you should be good.
I would also restrict access to META-INF, and if you have any files that
should not be served by Tomcat (such as Velocity or Freemarker
templates, properties files outside of the WEB-INF directory, etc.), you
should make arrangements for Apache to refuse to serve them.
I strongly advise against doing this. Unless you know *exactly* what you
are doing it is far too easy to open a whole can of security worms, the
most regularly seen of which is source code disclosure of all of the JSPs
on the site.
Mark
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
