Sorry, where is the correct place to put this security constraint?

2012/1/27, Luciano Andress Martini <777u...@gmail.com>:
> Thomas Rohde:
>
> With this, can Tomcat still upload files? Because it needs to be able to =[
>
>
> 2012/1/27, Luciano Andress Martini <777u...@gmail.com>:
>> Thomas Rohde
>> Man, thank you very much, I will try it now! =]
>>
>>
>> 2012/1/27, Luciano Andress Martini <777u...@gmail.com>:
>>> Humm, sorry friends, I'm not trying to fight, I just really need to do that.
>>>
>>> I will try to draw what I want to happen, maybe my English is very poor.
>>>
>>> (TOMCAT SERVER) says
>>> -Yes, I can access
>>> /var/lib/tomcat6/webapps/temporarios/upload_contracheque, I can upload
>>> files here.
>>>
>>> (USER) says
>>> -No, I can't access
>>> /var/lib/tomcat6/webapps/temporarios/upload_contracheque/
>>>
>>> (TOMCAT LIST HELPER) says
>>> Luciano, Idiot, you need to move this directory outside tomcat6
>>> upload_contracheque.
>>>
>>> (DEVELOPER) says
>>> Luciano, Idiot, I will never move this directory, you just need to
>>> block it, as you do in Apache2. You don't know how to do that?
>>>
>>> Understand now?
>>>
>>>
>>> 2012/1/27, Luciano Andress Martini <777u...@gmail.com>:
>>>> I really want to block a directory like
>>>> /webapps/temporarios/upload_contracheque
>>>>
>>>> Yes, it is the first option, but without moving the directory outside
>>>> Tomcat, because I'm not the developer of the system, and I just put
>>>> this system on the server.... and I really need to simply block this
>>>> directory...=//
>>>>
>>>> I need to block this, in a similar way to what I do in Apache...
>>>> /var/lib/tomcat6/webapps/temporarios/upload_contracheque
>>>>
>>>> I really can't move this outside this directory.
>>>>
>>>> Thank you.
>>>>
>>>>
>>>> 2012/1/27, André Warnier <a...@ice-sa.com>:
>>>>> Luciano Andress Martini wrote:
>>>>>> I need to do this in tomcat6:
>>>>>> Apache2 form:
>>>>>> <Directory /var/www/temporarios/upload_contracheque>
>>>>>> Order allow,deny
>>>>>> deny from all
>>>>>> </Directory>
>>>>>>
>>>>>
>>>>> I think that you are again not very clear, but I will try to guess.
>>>>>
>>>>> There is no direct equivalent of the above in Tomcat, because Tomcat
>>>>> works on the basis of "context" rather than "disk directory".
>>>>> (For an Apache2 equivalent, think <Location> instead of <Directory>).
>>>>>
>>>>> So to re-phrase your question:
>>>>> You have a directory in Tomcat, like (tomcat_dir)/webapps/mywebapp/X,
>>>>> and you want to prevent (all) web users from accessing the content of
>>>>> that sub-directory X.
>>>>> Yes?
>>>>>
>>>>> If yes, then the best way of achieving this is probably to have this
>>>>> directory be outside of the Tomcat /webapps/ space (better even,
>>>>> totally outside the Tomcat directory tree).
>>>>> If you need to access it from Apache2, then you can always use an
>>>>> Alias in Apache2.
>>>>> E.g.
>>>>>
>>>>> /var/www/site1/docs/ = Apache2 DocumentRoot
>>>>>
>>>>> /var/www/tomcat/webapps/ = Tomcat webapps dir
>>>>>
>>>>> /var/www/temporarios/upload = directory where the files are uploaded
>>>>>
>>>>> In Apache2:
>>>>>
>>>>> Alias /temporarios/ /var/www/temporarios/
>>>>> <Directory /var/www/temporarios>
>>>>> ..... (Allow/deny and other things) ...
>>>>> </Directory>
>>>>>
>>>>> In Tomcat: nothing (Tomcat will not even see this directory, and no
>>>>> Tomcat URL can reach it).
>>>>>
>>>>> If your Tomcat webapp needs to read/write there, then you decide that
>>>>> inside your Tomcat webapp. (And you give the Apache and the Tomcat
>>>>> user the appropriate user-id & permissions to read/write there).
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
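
One way to express the deny-all rule this thread asks about, as an added example that is not part of the original messages: a Servlet `<security-constraint>` with an empty `<auth-constraint/>`, placed in the webapp's own `WEB-INF/web.xml`. It assumes `temporarios` is the webapp (context), so the file would be `/var/lib/tomcat6/webapps/temporarios/WEB-INF/web.xml` and the URL pattern is relative to that context.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: WEB-INF/web.xml of the "temporarios" webapp
     (assumed to be the context that contains upload_contracheque). -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">

  <!-- The application's existing servlet, servlet-mapping and other
       elements stay as they are; only the block below is added. -->

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Uploaded files, no direct HTTP access</web-resource-name>
      <!-- Relative to the context root, i.e. /temporarios/upload_contracheque/... -->
      <url-pattern>/upload_contracheque/*</url-pattern>
      <!-- No http-method elements: the constraint applies to every method. -->
    </web-resource-collection>
    <!-- Empty auth-constraint: no role is permitted, so Tomcat answers
         every matching request with 403 Forbidden. -->
    <auth-constraint/>
  </security-constraint>

</web-app>
```

The constraint filters incoming HTTP requests only, so code inside the webapp can still read and write the directory on disk with the Tomcat user's file permissions. If the servlet that receives the uploads is itself mapped under `/upload_contracheque/`, requests to it would be blocked too, so check the servlet mappings before reloading the webapp.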