Ok, But would be the better way (of life) for this? HTTPD vhost.conf: <VirtualHost 192.168.100.40:80> ServerAdmin xxx@yyy DocumentRoot "D:/www/apps/app1/ROOT" <Directory " D:/www/apps/app1/ROOT "> Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory> ... </VirtualHost>
Server.xml: <Host name="app1" appBase=" D:/www/apps/app1/"> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="app1_access_log." suffix=".txt" pattern="common" resolveHosts="false"/> </Host> ROOT.xml in /conf/ <?xml version="1.0" encoding="UTF-8"?> <Context docBase=" D:/www/apps/app1/ROOT " privileged="true" reloadable="true" unpackWAR="true" antiJARLocking="true"> <Resource name="jdbc/jTDS" auth="Container" type="javax.sql.DataSource" maxActive="100" maxIdle="30" maxWait="10000" username="xxx" password="xxx" removeAbandoned="true" removeAbandonedTimeout="60" logAbandoned="true" driverClassName="net.sourceforge.jtds.jdbc.Driver" url="jdbc:jtds:sqlserver://db:1433/xxxx;charset=UTF-8" /> </Context> Greetings Alexander -----Ursprüngliche Nachricht----- Von: Pid [mailto:p...@pidster.com] Gesendet: Dienstag, 8. November 2011 16:21 An: Tomcat Users List Betreff: Re: AW: mod_jk - Browser displays HTML Sourcecode On 08/11/2011 15:12, Alexander Diedler wrote: > Hello > >> That most probably means that the URL mappings for mod_jk are not >> correct, > and that Apache httpd is serving that content directly. >> Look at (or show here) the JkMount lines that should be somewhere in >> your > Apache configuration. > > Was attached in the post: > JkMount /* loadbalancer > So everything would be served by tomcat. > >> At a second level, it also means that you are doing something that is > really not recommended : allow Apache httpd access to the Tomcat > application directories. +1 I'd go further: *never* publish a Tomcat application docBase as an HTTPD DocumentRoot. >> That bypasses any security that you may have in Tomcat. >> Your current problem is a perfect example : Apache now shows the >> source > code of your JSP pages. Hopefully there is no secret password in there. > >> Test : (http://www.test.de/xyz)/WEB-INF/web.xml > Yes you are right, I can read the web.xml from the browser. How we can > avoid it? Don't publish a Tomcat application docBase as an HTTPD DocumentRoot. Simples. p > Greetings > Alexander > > > >> >> >> >> In the Apache access log: >> >> xxx.xxx.214.145 - - [08/Nov/2011:14:44:08 +0100] "GET / HTTP/1.1" 200 >> 23281 ##OK >> >> xxx.xxx.214.145 - - [08/Nov/2011:14:44:11 +0100] "GET >> /go/VV4QB69WO9F01A9KGBSYVGNVGHY6T95J HTTP/1.1" 200 88572 ##Not ok, >> sorcecode displayed. >> >> >> >> In the virtual-host.conf: >> >> ## Tomcatanbindung >> >> JkMount /* loadbalancer >> >> JkOptions +ForwardURICompatUnparsed >> >> AllowEncodedSlashes On >> >> >> >> >> >> Greetings >> >> Alexander >> >> >> >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -- [key:62590808]
smime.p7s
Description: S/MIME cryptographic signature