Placing static content inside WEB-INF doesn't seem like good practice so
something like:
<Location "/WEB-INF">
AllowOverride None
deny from all
</Location>
should prevent unwanted access.
-Terence M. Bandoian
> Well, this is a bit off topic, since I had meant (and still mean) this as a
> tentative bug report of a problem with mod_jk (am I the only one who sees
> this issue?), but commonly packaged applications assume you can serve
> non-java content (styles, .js files, etc) from the same tree you serve your
> java stuff, or at least this has been my experience.
>
> Your "best practice" makes sense to me, but it means either that you
have to
> restructure every such packaged app, or you have to have tomcat serve all
> static files, bypassing a big reason why most people (I assume) are using
> apache to front tomcat.
>
> Maybe I'm missing something, it wouldn't be the first time...
>
> George
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
