Posted to users@tomcat.apache.org by Luciano Andress Martini <77...@gmail.com> on 2012/01/27 13:23:30 UTC

Please somebody can translate this configuration in tomcat form for server.xml or another xml config file?

I need to do this in tomcat6:
Apache2 form:
<Directory /var/www/temporarios/upload_contracheque>
    Order allow,deny
    deny from all
</Directory>


Thank you friends!

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Please somebody can translate this configuration in tomcat form for server.xml or another xml config file?

Posted by Luciano Andress Martini <77...@gmail.com>.
This is how I designed the services.
Router -> Firewall -> Apache2 Tunnel (with iptables rules) -> Apache
Tomcat6 Server

The developers do not have a lot of experience with tomcat.

But they are good.


2012/1/27, Luciano Andress Martini <77...@gmail.com>:
> Yes.. in fact you can't access this servers from internet directly,
> you be-passed in an apache2 server, that encrypt and tunnel the
> connections.
>
>
>
> 2012/1/27, André Warnier <aw...@ice-sa.com>:
>> Luciano Andress Martini wrote:
>>> Pid and Andre,
>>> i will talk with the developer about this, solved or not, can generate
>>> new problems, as you said, the files will be deleted, so i will talk
>>> with him.
>>>
>>
>> Luciano,
>>
>> This application appears to be related to finance.
>> To me that suggests that you should want to be extra prudent in terms of
>> security and
>> reliability.
>> As we have tried to tell you, there are /multiple/ reasons for not having
>> an
>> upload
>> directory inside of the webapp directory.  It should not even be under
>> /var/lib.
>> It is just a very bad idea, period.
>>
>>
>>
>>
>>
>



Re: Please somebody can translate this configuration in tomcat form for server.xml or another xml config file?

Posted by Luciano Andress Martini <77...@gmail.com>.
Yes... in fact you can't access these servers from the internet directly,
you be-passed in an apache2 server, that encrypts and tunnels the
connections.



2012/1/27, André Warnier <aw...@ice-sa.com>:
> Luciano Andress Martini wrote:
>> Pid and Andre,
>> i will talk with the developer about this, solved or not, can generate
>> new problems, as you said, the files will be deleted, so i will talk
>> with him.
>>
>
> Luciano,
>
> This application appears to be related to finance.
> To me that suggests that you should want to be extra prudent in terms of
> security and
> reliability.
> As we have tried to tell you, there are /multiple/ reasons for not having an
> upload
> directory inside of the webapp directory.  It should not even be under
> /var/lib.
> It is just a very bad idea, period.
>
>
>
>
>



Re: Please somebody can translate this configuration in tomcat form for server.xml or another xml config file?

Posted by André Warnier <aw...@ice-sa.com>.
Luciano Andress Martini wrote:
> Pid and Andre,
> i will talk with the developer about this, solved or not, can generate
> new problems, as you said, the files will be deleted, so i will talk
> with him.
> 

Luciano,

This application appears to be related to finance.
To me that suggests that you should want to be extra prudent in terms of security and 
reliability.
As we have tried to tell you, there are /multiple/ reasons for not having an upload 
directory inside of the webapp directory.  It should not even be under /var/lib.
It is just a very bad idea, period.





Re: Please somebody can translate this configuration in tomcat form for server.xml or another xml config file?

Posted by Luciano Andress Martini <77...@gmail.com>.
Pid and Andre,
I will talk with the developer about this, solved or not, can generate
new problems, as you said, the files will be deleted, so I will talk
with him.



2012/1/27, Luciano Andress Martini <77...@gmail.com>:
> Thank you friends and sorry for all this thing.
>
> Now i think i have a solution...
>
> Remember this application is running an apache tunneling the
> connections to the tomcat virtual servers?
>
> So, i blocked the directories in apache2 when it tunnels to tomcat ...
> and worked.
>
> Thank you very much for the help.
>
>
> 2012/1/27, Pid <pi...@pidster.com>:
>> On 27/01/2012 14:41, André Warnier wrote:
>>> Luciano Andress Martini wrote:
>>>> Humm sorry friends im not trying to fight, i just really need to do
>>>> that.
>>>>
>>>> I will try to draw what i want to happen, maybe my english is very
>>>> poor.
>>>>
>>>> (TOMCAT SERVER)   says
>>>> -Yes i can access
>>>> /var/lib/tomcat6/webapps/temporarios/upload_contracheque  i can upload
>>>> files here.
>>>>
>>>> (USER) says
>>>> -No i cant access
>>>> /var/lib/tomcat6/webapps/temporarios/upload_contracheque/
>>>>
>>>> (TOMCAT LIST HELPER) says
>>>> Luciano, Idiot you need to move this directory outside tomcat6
>>>> upload_contracheque.
>>>>
>>>> (DEVELOPER) says
>>>> Luciano Idiot, i never will move this directory, you just need to
>>>> block it, as you do in Apache2. You dont know how to do that?
>>>>
>>> ...
>>> (LUCIANO) says (to DEVELOPER)
>>> DEVELOPER idiot, you really want application to upload 10 GB files in
>>> the /var/lib/tomcat6/webapps directory ?
>>
>> (Pid) says
>>
>> DEVELOPER Idiot, you should never upload files into a location inside
>> the application because they will all be deleted if the application is
>> unloaded.
>>
>>
>>> and/or
>>>
>>> (LUCIANO) says (to DEVELOPER)
>>> DEVELOPER, you are the developer and can modify the web.xml of your
>>> application.
>>> If you want that directory protected, do it.
>>
>> +1 to that.
>>
>>
>> p
>>
>>
>>>
>>
>>
>>
>>
>



Re: Please somebody can translate this configuration in tomcat form for server.xml or another xml config file?

Posted by Luciano Andress Martini <77...@gmail.com>.
Thank you friends and sorry for all this thing.

Now I think I have a solution...

Remember this application is running an apache tunneling the
connections to the tomcat virtual servers?

So, I blocked the directories in apache2 when it tunnels to tomcat ...
and it worked.

Thank you very much for the help.


2012/1/27, Pid <pi...@pidster.com>:
> On 27/01/2012 14:41, André Warnier wrote:
>> Luciano Andress Martini wrote:
>>> Humm sorry friends im not trying to fight, i just really need to do that.
>>>
>>> I will try to draw what i want to happen, maybe my english is very poor.
>>>
>>> (TOMCAT SERVER)   says
>>> -Yes i can access
>>> /var/lib/tomcat6/webapps/temporarios/upload_contracheque  i can upload
>>> files here.
>>>
>>> (USER) says
>>> -No i cant access
>>> /var/lib/tomcat6/webapps/temporarios/upload_contracheque/
>>>
>>> (TOMCAT LIST HELPER) says
>>> Luciano, Idiot you need to move this directory outside tomcat6
>>> upload_contracheque.
>>>
>>> (DEVELOPER) says
>>> Luciano Idiot, i never will move this directory, you just need to
>>> block it, as you do in Apache2. You dont know how to do that?
>>>
>> ...
>> (LUCIANO) says (to DEVELOPER)
>> DEVELOPER idiot, you really want application to upload 10 GB files in
>> the /var/lib/tomcat6/webapps directory ?
>
> (Pid) says
>
> DEVELOPER Idiot, you should never upload files into a location inside
> the application because they will all be deleted if the application is
> unloaded.
>
>
>> and/or
>>
>> (LUCIANO) says (to DEVELOPER)
>> DEVELOPER, you are the developer and can modify the web.xml of your
>> application.
>> If you want that directory protected, do it.
>
> +1 to that.
>
>
> p
>
>
>>
>
>
>
>



Re: Please somebody can translate this configuration in tomcat form for server.xml or another xml config file?

Posted by Pid <pi...@pidster.com>.
On 27/01/2012 14:41, André Warnier wrote:
> Luciano Andress Martini wrote:
>> Humm sorry friends im not trying to fight, i just really need to do that.
>>
>> I will try to draw what i want to happen, maybe my english is very poor.
>>
>> (TOMCAT SERVER)   says
>> -Yes i can access
>> /var/lib/tomcat6/webapps/temporarios/upload_contracheque  i can upload
>> files here.
>>
>> (USER) says
>> -No i cant access
>> /var/lib/tomcat6/webapps/temporarios/upload_contracheque/
>>
>> (TOMCAT LIST HELPER) says
>> Luciano, Idiot you need to move this directory outside tomcat6
>> upload_contracheque.
>>
>> (DEVELOPER) says
>> Luciano Idiot, i never will move this directory, you just need to
>> block it, as you do in Apache2. You dont know how to do that?
>>
> ...
> (LUCIANO) says (to DEVELOPER)
> DEVELOPER idiot, you really want application to upload 10 GB files in
> the /var/lib/tomcat6/webapps directory ?

(Pid) says

DEVELOPER Idiot, you should never upload files into a location inside
the application because they will all be deleted if the application is
unloaded.


> and/or
> 
> (LUCIANO) says (to DEVELOPER)
> DEVELOPER, you are the developer and can modify the web.xml of your
> application.
> If you want that directory protected, do it.

+1 to that.


p


> 




Re: Please somebody can translate this configuration in tomcat form for server.xml or another xml config file?

Posted by André Warnier <aw...@ice-sa.com>.
Luciano Andress Martini wrote:
> Humm sorry friends im not trying to fight, i just really need to do that.
> 
> I will try to draw what i want to happen, maybe my english is very poor.
> 
> (TOMCAT SERVER)   says
> -Yes i can access
> /var/lib/tomcat6/webapps/temporarios/upload_contracheque  i can upload
> files here.
> 
> (USER) says
> -No i cant access /var/lib/tomcat6/webapps/temporarios/upload_contracheque/
> 
> (TOMCAT LIST HELPER) says
> Luciano, Idiot you need to move this directory outside tomcat6
> upload_contracheque.
> 
> (DEVELOPER) says
> Luciano Idiot, i never will move this directory, you just need to
> block it, as you do in Apache2. You dont know how to do that?
> 
...
(LUCIANO) says (to DEVELOPER)
DEVELOPER idiot, you really want application to upload 10 GB files in the 
/var/lib/tomcat6/webapps directory ?

and/or

(LUCIANO) says (to DEVELOPER)
DEVELOPER, you are the developer and can modify the web.xml of your application.
If you want that directory protected, do it.





Re: Please somebody can translate this configuration in tomcat form for server.xml or another xml config file?

Posted by Thomas Rohde <tr...@ordix.de>.

On 27.01.2012 15:28, Luciano Andress Martini wrote:
> Sorry where is the correct place to put this security constraint?

The web.xml file is an essential part of each Tomcat web application. It 
is located in <myapp>/WEB-INF/web.xml.

>
>
> 2012/1/27, Luciano Andress Martini<77...@gmail.com>:
>>   Thomas Rohde:
>>
>>   With this tomcat still can upload files? Cause it need to can =[
>>
>>
>> 2012/1/27, Luciano Andress Martini<77...@gmail.com>:
>>>    Thomas Rohde
>>>   Man thank you very much, i will try it now! =]
>>>
>>>
>>> 2012/1/27, Luciano Andress Martini<77...@gmail.com>:
>>>> Humm sorry friends im not trying to fight, i just really need to do
>>>> that.
>>>>
>>>> I will try to draw what i want to happen, maybe my english is very poor.
>>>>
>>>> (TOMCAT SERVER)   says
>>>> -Yes i can access
>>>> /var/lib/tomcat6/webapps/temporarios/upload_contracheque  i can upload
>>>> files here.
>>>>
>>>> (USER) says
>>>> -No i cant access
>>>> /var/lib/tomcat6/webapps/temporarios/upload_contracheque/
>>>>
>>>> (TOMCAT LIST HELPER) says
>>>> Luciano, Idiot you need to move this directory outside tomcat6
>>>> upload_contracheque.
>>>>
>>>> (DEVELOPER) says
>>>> Luciano Idiot, i never will move this directory, you just need to
>>>> block it, as you do in Apache2. You dont know how to do that?
>>>>
>>>> Understand now?
>>>>
>>>>
>>>> 2012/1/27, Luciano Andress Martini<77...@gmail.com>:
>>>>> I really want to block a directory like
>>>>> /webapps/temporarios/upload_contracheque
>>>>>
>>>>> Yes is the first option but withou moving the directory outside
>>>>> tomcat, because im not the developer of the system, and i just put
>>>>> this system on the server.... and i really need to simple block this
>>>>> directory...=//
>>>>>
>>>>> I need to block this, in the similar way that i do in apache...
>>>>> /var/lib/tomcat6/webapps/temporarios/upload_contracheque
>>>>>
>>>>> I really cant move this outside this directory.
>>>>>
>>>>> Thank you.
>>>>>
>>>>>
>>>>> 2012/1/27, André Warnier<aw...@ice-sa.com>:
>>>>>> Luciano Andress Martini wrote:
>>>>>>> I need to do this in tomcat6:
>>>>>>> Apache2 form:
>>>>>>> <Directory /var/www/temporarios/upload_contracheque>
>>>>>>>                  Order allow,deny
>>>>>>>                  deny from all
>>>>>>> </Directory>
>>>>>>>
>>>>>> I think that you are again not very clear, but I will try to guess.
>>>>>>
>>>>>> There is no direct equivalent of the above in Tomcat, because Tomcat
>>>>>> works
>>>>>> on the base of
>>>>>> "context" rather than "disk directory".
>>>>>> (For an Apache2 equivalent, think<Location>  instead of<Directory>).
>>>>>>
>>>>>> So to re-phrase your question :
>>>>>> You have a directory in Tomcat, like (tomcat_dir)/webapps/mywebapp/X ,
>>>>>> and
>>>>>> you want to
>>>>>> prevent (all) web users from accessing the content of that
>>>>>> sub-directory
>>>>>> X.
>>>>>> Yes ?
>>>>>>
>>>>>> If yes, then the best way of achieving this is probably to have this
>>>>>> directory be outside
>>>>>> of the Tomcat /webapps/ space (better even, totally outside the Tomcat
>>>>>> directory tree).
>>>>>> If you need to access it from Apache2, then you can always use an
>>>>>> Alias
>>>>>> in
>>>>>> Apache2.
>>>>>> E.g.
>>>>>>
>>>>>> /var/www/site1/docs/  = Apache2 DocumentRoot
>>>>>>
>>>>>> /var/www/tomcat/webapps/ = Tomcat webapps dir
>>>>>>
>>>>>> /var/www/temporarios/upload = directory where the files are uploaded
>>>>>>
>>>>>> In Apache2 :
>>>>>>
>>>>>> Alias /temporarios/ /var/www/temporarios/
>>>>>> <Directory /var/www/temporarios>
>>>>>>     .....  (Allow/deny and other things) ...
>>>>>> </Directory>
>>>>>>
>>>>>> In Tomcat : nothing  (Tomcat will not even see this directory, and no
>>>>>> Tomcat
>>>>>> URL can reach
>>>>>> it).
>>>>>>
>>>>>> If your Tomcat webapp needs to read/write there, then you decide that
>>>>>> inside
>>>>>> your Tomcat
>>>>>> webapp.(And you give the Apache and the Tomcat user the appropriate
>>>>>> user-id
>>>>>> &  permissions
>>>>>> to read/write there).
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
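
The kind of constraint being asked about, as an added example that is not part of the original thread: a web.xml deny-all rule for the upload path. It assumes the layout quoted above (context "temporarios", so the file would be /var/lib/tomcat6/webapps/temporarios/WEB-INF/web.xml) and the Servlet 2.5 descriptor that Tomcat 6 uses; the display and resource names are made up.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Assumed location: <myapp>/WEB-INF/web.xml, with <myapp> = temporarios -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">

  <!-- The application's existing servlet, servlet-mapping, etc. stay as they are. -->

  <security-constraint>
    <!-- Illustrative name, not from the thread -->
    <display-name>No direct web access to uploaded files</display-name>
    <web-resource-collection>
      <!-- Illustrative name, not from the thread -->
      <web-resource-name>upload_contracheque</web-resource-name>
      <!-- The pattern is relative to the context path /temporarios,
           not to the directory on disk. -->
      <url-pattern>/upload_contracheque/*</url-pattern>
      <!-- No http-method element: the rule covers every HTTP method. -->
    </web-resource-collection>
    <!-- An auth-constraint with no role-name grants access to nobody,
         so Tomcat answers 403 for every request that matches the pattern. -->
    <auth-constraint/>
  </security-constraint>

</web-app>
```

The constraint only filters HTTP requests whose URL matches the pattern; code inside the webapp that writes to the directory through normal file I/O is not affected, while an upload servlet that is itself mapped under /upload_contracheque/* would be blocked.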


Re: Please somebody can translate this configuration in tomcat form for server.xml or another xml config file?

Posted by Luciano Andress Martini <77...@gmail.com>.
Sorry where is the correct place to put this security constraint?


2012/1/27, Luciano Andress Martini <77...@gmail.com>:
>  Thomas Rohde:
>
>  With this tomcat still can upload files? Cause it need to can =[
>
>
> 2012/1/27, Luciano Andress Martini <77...@gmail.com>:
>>   Thomas Rohde
>>  Man thank you very much, i will try it now! =]
>>
>>
>> 2012/1/27, Luciano Andress Martini <77...@gmail.com>:
>>> Humm sorry friends im not trying to fight, i just really need to do
>>> that.
>>>
>>> I will try to draw what i want to happen, maybe my english is very poor.
>>>
>>> (TOMCAT SERVER)   says
>>> -Yes i can access
>>> /var/lib/tomcat6/webapps/temporarios/upload_contracheque  i can upload
>>> files here.
>>>
>>> (USER) says
>>> -No i cant access
>>> /var/lib/tomcat6/webapps/temporarios/upload_contracheque/
>>>
>>> (TOMCAT LIST HELPER) says
>>> Luciano, Idiot you need to move this directory outside tomcat6
>>> upload_contracheque.
>>>
>>> (DEVELOPER) says
>>> Luciano Idiot, i never will move this directory, you just need to
>>> block it, as you do in Apache2. You dont know how to do that?
>>>
>>> Understand now?
>>>
>>>
>>> 2012/1/27, Luciano Andress Martini <77...@gmail.com>:
>>>> I really want to block a directory like
>>>> /webapps/temporarios/upload_contracheque
>>>>
>>>> Yes is the first option but withou moving the directory outside
>>>> tomcat, because im not the developer of the system, and i just put
>>>> this system on the server.... and i really need to simple block this
>>>> directory...=//
>>>>
>>>> I need to block this, in the similar way that i do in apache...
>>>> /var/lib/tomcat6/webapps/temporarios/upload_contracheque
>>>>
>>>> I really cant move this outside this directory.
>>>>
>>>> Thank you.
>>>>
>>>>
>>>> 2012/1/27, André Warnier <aw...@ice-sa.com>:
>>>>> Luciano Andress Martini wrote:
>>>>>> I need to do this in tomcat6:
>>>>>> Apache2 form:
>>>>>> <Directory /var/www/temporarios/upload_contracheque>
>>>>>>                 Order allow,deny
>>>>>>                 deny from all
>>>>>> </Directory>
>>>>>>
>>>>>
>>>>> I think that you are again not very clear, but I will try to guess.
>>>>>
>>>>> There is no direct equivalent of the above in Tomcat, because Tomcat
>>>>> works
>>>>> on the base of
>>>>> "context" rather than "disk directory".
>>>>> (For an Apache2 equivalent, think <Location> instead of <Directory>).
>>>>>
>>>>> So to re-phrase your question :
>>>>> You have a directory in Tomcat, like (tomcat_dir)/webapps/mywebapp/X ,
>>>>> and
>>>>> you want to
>>>>> prevent (all) web users from accessing the content of that
>>>>> sub-directory
>>>>> X.
>>>>> Yes ?
>>>>>
>>>>> If yes, then the best way of achieving this is probably to have this
>>>>> directory be outside
>>>>> of the Tomcat /webapps/ space (better even, totally outside the Tomcat
>>>>> directory tree).
>>>>> If you need to access it from Apache2, then you can always use an
>>>>> Alias
>>>>> in
>>>>> Apache2.
>>>>> E.g.
>>>>>
>>>>> /var/www/site1/docs/  = Apache2 DocumentRoot
>>>>>
>>>>> /var/www/tomcat/webapps/ = Tomcat webapps dir
>>>>>
>>>>> /var/www/temporarios/upload = directory where the files are uploaded
>>>>>
>>>>> In Apache2 :
>>>>>
>>>>> Alias /temporarios/ /var/www/temporarios/
>>>>> <Directory /var/www/temporarios>
>>>>>    .....  (Allow/deny and other things) ...
>>>>> </Directory>
>>>>>
>>>>> In Tomcat : nothing  (Tomcat will not even see this directory, and no
>>>>> Tomcat
>>>>> URL can reach
>>>>> it).
>>>>>
>>>>> If your Tomcat webapp needs to read/write there, then you decide that
>>>>> inside
>>>>> your Tomcat
>>>>> webapp.(And you give the Apache and the Tomcat user the appropriate
>>>>> user-id
>>>>> & permissions
>>>>> to read/write there).
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>



Re: Please somebody can translate this configuration in tomcat form for server.xml or another xml config file?

Posted by Luciano Andress Martini <77...@gmail.com>.
 Thomas Rohde:

 With this, can Tomcat still upload files? Because it needs to be able to =[


2012/1/27, Luciano Andress Martini <77...@gmail.com>:
>   Thomas Rohde
>  Man thank you very much, i will try it now! =]
>
>
> 2012/1/27, Luciano Andress Martini <77...@gmail.com>:
>> Humm sorry friends im not trying to fight, i just really need to do that.
>>
>> I will try to draw what i want to happen, maybe my english is very poor.
>>
>> (TOMCAT SERVER)   says
>> -Yes i can access
>> /var/lib/tomcat6/webapps/temporarios/upload_contracheque  i can upload
>> files here.
>>
>> (USER) says
>> -No i cant access
>> /var/lib/tomcat6/webapps/temporarios/upload_contracheque/
>>
>> (TOMCAT LIST HELPER) says
>> Luciano, Idiot you need to move this directory outside tomcat6
>> upload_contracheque.
>>
>> (DEVELOPER) says
>> Luciano Idiot, i never will move this directory, you just need to
>> block it, as you do in Apache2. You dont know how to do that?
>>
>> Understand now?
>>
>>
>> 2012/1/27, Luciano Andress Martini <77...@gmail.com>:
>>> I really want to block a directory like
>>> /webapps/temporarios/upload_contracheque
>>>
>>> Yes is the first option but withou moving the directory outside
>>> tomcat, because im not the developer of the system, and i just put
>>> this system on the server.... and i really need to simple block this
>>> directory...=//
>>>
>>> I need to block this, in the similar way that i do in apache...
>>> /var/lib/tomcat6/webapps/temporarios/upload_contracheque
>>>
>>> I really cant move this outside this directory.
>>>
>>> Thank you.
>>>
>>>
>>> 2012/1/27, André Warnier <aw...@ice-sa.com>:
>>>> Luciano Andress Martini wrote:
>>>>> I need to do this in tomcat6:
>>>>> Apache2 form:
>>>>> <Directory /var/www/temporarios/upload_contracheque>
>>>>>                 Order allow,deny
>>>>>                 deny from all
>>>>> </Directory>
>>>>>
>>>>
>>>> I think that you are again not very clear, but I will try to guess.
>>>>
>>>> There is no direct equivalent of the above in Tomcat, because Tomcat
>>>> works
>>>> on the base of
>>>> "context" rather than "disk directory".
>>>> (For an Apache2 equivalent, think <Location> instead of <Directory>).
>>>>
>>>> So to re-phrase your question :
>>>> You have a directory in Tomcat, like (tomcat_dir)/webapps/mywebapp/X ,
>>>> and
>>>> you want to
>>>> prevent (all) web users from accessing the content of that
>>>> sub-directory
>>>> X.
>>>> Yes ?
>>>>
>>>> If yes, then the best way of achieving this is probably to have this
>>>> directory be outside
>>>> of the Tomcat /webapps/ space (better even, totally outside the Tomcat
>>>> directory tree).
>>>> If you need to access it from Apache2, then you can always use an Alias
>>>> in
>>>> Apache2.
>>>> E.g.
>>>>
>>>> /var/www/site1/docs/  = Apache2 DocumentRoot
>>>>
>>>> /var/www/tomcat/webapps/ = Tomcat webapps dir
>>>>
>>>> /var/www/temporarios/upload = directory where the files are uploaded
>>>>
>>>> In Apache2 :
>>>>
>>>> Alias /temporarios/ /var/www/temporarios/
>>>> <Directory /var/www/temporarios>
>>>>    .....  (Allow/deny and other things) ...
>>>> </Directory>
>>>>
>>>> In Tomcat : nothing  (Tomcat will not even see this directory, and no
>>>> Tomcat
>>>> URL can reach
>>>> it).
>>>>
>>>> If your Tomcat webapp needs to read/write there, then you decide that
>>>> inside
>>>> your Tomcat
>>>> webapp.(And you give the Apache and the Tomcat user the appropriate
>>>> user-id
>>>> & permissions
>>>> to read/write there).
>>>>
>>>>
>>>>
>>>>
>>>
>>
>



Re: Please somebody can translate this configuration in tomcat form for server.xml or another xml config file?

Posted by Luciano Andress Martini <77...@gmail.com>.
  Thomas Rohde
 Man, thank you very much, I will try it now! =]


2012/1/27, Luciano Andress Martini <77...@gmail.com>:
> Humm sorry friends im not trying to fight, i just really need to do that.
>
> I will try to draw what i want to happen, maybe my english is very poor.
>
> (TOMCAT SERVER)   says
> -Yes i can access
> /var/lib/tomcat6/webapps/temporarios/upload_contracheque  i can upload
> files here.
>
> (USER) says
> -No i cant access /var/lib/tomcat6/webapps/temporarios/upload_contracheque/
>
> (TOMCAT LIST HELPER) says
> Luciano, Idiot you need to move this directory outside tomcat6
> upload_contracheque.
>
> (DEVELOPER) says
> Luciano Idiot, i never will move this directory, you just need to
> block it, as you do in Apache2. You dont know how to do that?
>
> Understand now?
>
>
> 2012/1/27, Luciano Andress Martini <77...@gmail.com>:
>> I really want to block a directory like
>> /webapps/temporarios/upload_contracheque
>>
>> Yes is the first option but withou moving the directory outside
>> tomcat, because im not the developer of the system, and i just put
>> this system on the server.... and i really need to simple block this
>> directory...=//
>>
>> I need to block this, in the similar way that i do in apache...
>> /var/lib/tomcat6/webapps/temporarios/upload_contracheque
>>
>> I really cant move this outside this directory.
>>
>> Thank you.
>>
>>
>> 2012/1/27, André Warnier <aw...@ice-sa.com>:
>>> Luciano Andress Martini wrote:
>>>> I need to do this in tomcat6:
>>>> Apache2 form:
>>>> <Directory /var/www/temporarios/upload_contracheque>
>>>>                 Order allow,deny
>>>>                 deny from all
>>>> </Directory>
>>>>
>>>
>>> I think that you are again not very clear, but I will try to guess.
>>>
>>> There is no direct equivalent of the above in Tomcat, because Tomcat
>>> works
>>> on the base of
>>> "context" rather than "disk directory".
>>> (For an Apache2 equivalent, think <Location> instead of <Directory>).
>>>
>>> So to re-phrase your question :
>>> You have a directory in Tomcat, like (tomcat_dir)/webapps/mywebapp/X ,
>>> and
>>> you want to
>>> prevent (all) web users from accessing the content of that sub-directory
>>> X.
>>> Yes ?
>>>
>>> If yes, then the best way of achieving this is probably to have this
>>> directory be outside
>>> of the Tomcat /webapps/ space (better even, totally outside the Tomcat
>>> directory tree).
>>> If you need to access it from Apache2, then you can always use an Alias
>>> in
>>> Apache2.
>>> E.g.
>>>
>>> /var/www/site1/docs/  = Apache2 DocumentRoot
>>>
>>> /var/www/tomcat/webapps/ = Tomcat webapps dir
>>>
>>> /var/www/temporarios/upload = directory where the files are uploaded
>>>
>>> In Apache2 :
>>>
>>> Alias /temporarios/ /var/www/temporarios/
>>> <Directory /var/www/temporarios>
>>>    .....  (Allow/deny and other things) ...
>>> </Directory>
>>>
>>> In Tomcat : nothing  (Tomcat will not even see this directory, and no
>>> Tomcat
>>> URL can reach
>>> it).
>>>
>>> If your Tomcat webapp needs to read/write there, then you decide that
>>> inside
>>> your Tomcat
>>> webapp.(And you give the Apache and the Tomcat user the appropriate
>>> user-id
>>> & permissions
>>> to read/write there).
>>>
>>>
>>>
>>>
>>
>



Re: Please somebody can translate this configuration in tomcat form for server.xml or another xml config file?

Posted by Luciano Andress Martini <77...@gmail.com>.
Humm, sorry friends, I'm not trying to fight, I just really need to do that.

I will try to draw what I want to happen, maybe my English is very poor.

(TOMCAT SERVER)   says
-Yes I can access
/var/lib/tomcat6/webapps/temporarios/upload_contracheque  I can upload
files here.

(USER) says
-No I can't access /var/lib/tomcat6/webapps/temporarios/upload_contracheque/

(TOMCAT LIST HELPER) says
Luciano, Idiot you need to move this directory outside tomcat6
upload_contracheque.

(DEVELOPER) says
Luciano Idiot, I will never move this directory, you just need to
block it, as you do in Apache2. You don't know how to do that?

Understand now?


2012/1/27, Luciano Andress Martini <77...@gmail.com>:
> I really want to block a directory like
> /webapps/temporarios/upload_contracheque
>
> Yes is the first option but withou moving the directory outside
> tomcat, because im not the developer of the system, and i just put
> this system on the server.... and i really need to simple block this
> directory...=//
>
> I need to block this, in the similar way that i do in apache...
> /var/lib/tomcat6/webapps/temporarios/upload_contracheque
>
> I really cant move this outside this directory.
>
> Thank you.
>
>
> 2012/1/27, André Warnier <aw...@ice-sa.com>:
>> Luciano Andress Martini wrote:
>>> I need to do this in tomcat6:
>>> Apache2 form:
>>> <Directory /var/www/temporarios/upload_contracheque>
>>>                 Order allow,deny
>>>                 deny from all
>>> </Directory>
>>>
>>
>> I think that you are again not very clear, but I will try to guess.
>>
>> There is no direct equivalent of the above in Tomcat, because Tomcat
>> works
>> on the base of
>> "context" rather than "disk directory".
>> (For an Apache2 equivalent, think <Location> instead of <Directory>).
>>
>> So to re-phrase your question :
>> You have a directory in Tomcat, like (tomcat_dir)/webapps/mywebapp/X ,
>> and
>> you want to
>> prevent (all) web users from accessing the content of that sub-directory
>> X.
>> Yes ?
>>
>> If yes, then the best way of achieving this is probably to have this
>> directory be outside
>> of the Tomcat /webapps/ space (better even, totally outside the Tomcat
>> directory tree).
>> If you need to access it from Apache2, then you can always use an Alias
>> in
>> Apache2.
>> E.g.
>>
>> /var/www/site1/docs/  = Apache2 DocumentRoot
>>
>> /var/www/tomcat/webapps/ = Tomcat webapps dir
>>
>> /var/www/temporarios/upload = directory where the files are uploaded
>>
>> In Apache2 :
>>
>> Alias /temporarios/ /var/www/temporarios/
>> <Directory /var/www/temporarios>
>>    .....  (Allow/deny and other things) ...
>> </Directory>
>>
>> In Tomcat : nothing  (Tomcat will not even see this directory, and no
>> Tomcat
>> URL can reach
>> it).
>>
>> If your Tomcat webapp needs to read/write there, then you decide that
>> inside
>> your Tomcat
>> webapp.(And you give the Apache and the Tomcat user the appropriate
>> user-id
>> & permissions
>> to read/write there).
>>
>>


Re: Please somebody can translate this configuration in tomcat form for server.xml or another xml config file?

Posted by André Warnier <aw...@ice-sa.com>.
Luciano Andress Martini wrote:
> I really want to block a directory like
> /webapps/temporarios/upload_contracheque
> 
> Yes is the first option but without moving the directory outside
> tomcat, because I'm not the developer of the system,

then why are you messing it up ? ;-)

> and I just put
> this system on the server.... and I really need to simply block this
> directory...=//
>
> I need to block this, in the similar way that I do in apache...

Yes, but Tomcat is not Apache httpd, and their security models are different.
If you try to just do in Tomcat "like in Apache", then it will be very easy to create a 
security hole.

> /var/lib/tomcat6/webapps/temporarios/upload_contracheque
> 
> 
The above directory layout means that for Tomcat, "temporarios" is a "context" (= a 
webapp). And inside this webapp "temporarios", "upload_contracheque" is just a path.
By default, Tomcat will serve anything inside the sub-directory "upload_contracheque", via 
the default servlet.

To block access to that path inside of your webapp "temporarios", you will have to do 
something specific for that path, inside of the file
/var/lib/tomcat6/webapps/temporarios/WEB-INF/web.xml

If you are not the developer, can you do that ? can you change the content of that web.xml 
file ?  what if the real developer provides a new version of that webapp (including a new 
web.xml file) ?

> I really can't move this outside this directory.

You have not really provided a good reason why not.

And there are several good reasons why you should not have, under 
/var/lib/tomcat6/webapps, a directory where files are being uploaded.



Re: Please somebody can translate this configuration in tomcat form for server.xml or another xml config file?

Posted by Thomas Rohde <tr...@ordix.de>.

On 27.01.2012 15:07, Luciano Andress Martini wrote:
> I really want to block a directory like
> /webapps/temporarios/upload_contracheque
>
> Yes is the first option but without moving the directory outside
> tomcat, because I'm not the developer of the system, and I just put
> this system on the server.... and I really need to simply block this
> directory...=//
>
> I need to block this, in the similar way that I do in apache...
> /var/lib/tomcat6/webapps/temporarios/upload_contracheque

Okay, it seems that your directory doesn't point to a web application 
but rather to a sub directory of a web application. If so you can put 
the rules into the web.xml file of the application.

Use a security constraint to handle this:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Upload directory</web-resource-name>
    <url-pattern>/upload_contracheque/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>uploaduser</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>upload</realm-name>
</login-config>
<security-role>
  <role-name>uploaduser</role-name>
</security-role>

Now only authenticated users with the role "uploaduser" can access the 
directory.

Thomas


>
>
> I really can't move this outside this directory.
>
> Thank you.
>
>
> 2012/1/27, André Warnier<aw...@ice-sa.com>:
>> Luciano Andress Martini wrote:
>>> I need to do this in tomcat6:
>>> Apache2 form:
>>> <Directory /var/www/temporarios/upload_contracheque>
>>>                  Order allow,deny
>>>                  deny from all
>>> </Directory>
>>>
>>
>> I think that you are again not very clear, but I will try to guess.
>>
>> There is no direct equivalent of the above in Tomcat, because Tomcat works
>> on the base of
>> "context" rather than "disk directory".
>> (For an Apache2 equivalent, think <Location> instead of <Directory>).
>>
>> So to re-phrase your question :
>> You have a directory in Tomcat, like (tomcat_dir)/webapps/mywebapp/X , and
>> you want to
>> prevent (all) web users from accessing the content of that sub-directory X.
>> Yes ?
>>
>> If yes, then the best way of achieving this is probably to have this
>> directory be outside
>> of the Tomcat /webapps/ space (better even, totally outside the Tomcat
>> directory tree).
>> If you need to access it from Apache2, then you can always use an Alias in
>> Apache2.
>> E.g.
>>
>> /var/www/site1/docs/  = Apache2 DocumentRoot
>>
>> /var/www/tomcat/webapps/ = Tomcat webapps dir
>>
>> /var/www/temporarios/upload = directory where the files are uploaded
>>
>> In Apache2 :
>>
>> Alias /temporarios/ /var/www/temporarios/
>> <Directory /var/www/temporarios>
>>     .....  (Allow/deny and other things) ...
>> </Directory>
>>
>> In Tomcat : nothing  (Tomcat will not even see this directory, and no Tomcat
>> URL can reach
>> it).
>>
>> If your Tomcat webapp needs to read/write there, then you decide that inside
>> your Tomcat
>> webapp.(And you give the Apache and the Tomcat user the appropriate user-id
>> &  permissions
>> to read/write there).
>>
>>
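
Added example (not part of the original thread, and not the application's own web.xml): in the Servlet deployment descriptor, the closest match to Apache's per-directory "deny from all" is a security constraint whose auth-constraint is empty, which refuses every HTTP request for the pattern instead of admitting a role after BASIC login. The file location and url-pattern are taken from the thread; the web-resource-name is an arbitrary label.

```xml
<!-- Added example: fragment for
     /var/lib/tomcat6/webapps/temporarios/WEB-INF/web.xml
     It goes inside the existing <web-app> element. -->
<security-constraint>
  <web-resource-collection>
    <!-- Arbitrary descriptive label (assumption, not from the thread) -->
    <web-resource-name>Upload directory, no HTTP access</web-resource-name>
    <!-- Relative to the context path /temporarios -->
    <url-pattern>/upload_contracheque/*</url-pattern>
    <!-- No <http-method> elements, so the constraint covers every method -->
  </web-resource-collection>
  <!-- Empty auth-constraint: it names no role, so no caller is ever
       authorized and Tomcat answers 403 for anything under the pattern.
       No <login-config> or <security-role> is needed for this form. -->
  <auth-constraint/>
</security-constraint>
```

The constraint only stops HTTP access through Tomcat; the webapp's own code can still read and write the directory on disk. As raised earlier in the thread, a new web.xml shipped by the developer replaces this file, so the constraint has to be carried into each new version.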


Re: Please somebody can translate this configuration in tomcat form for server.xml or another xml config file?

Posted by Luciano Andress Martini <77...@gmail.com>.
I really want to block a directory like
/webapps/temporarios/upload_contracheque

Yes is the first option but without moving the directory outside
tomcat, because I'm not the developer of the system, and I just put
this system on the server.... and I really need to simply block this
directory...=//

I need to block this, in the similar way that I do in apache...
/var/lib/tomcat6/webapps/temporarios/upload_contracheque

I really can't move this outside this directory.

Thank you.


2012/1/27, André Warnier <aw...@ice-sa.com>:
> Luciano Andress Martini wrote:
>> I need to do this in tomcat6:
>> Apache2 form:
>> <Directory /var/www/temporarios/upload_contracheque>
>>                 Order allow,deny
>>                 deny from all
>> </Directory>
>>
>
> I think that you are again not very clear, but I will try to guess.
>
> There is no direct equivalent of the above in Tomcat, because Tomcat works
> on the base of
> "context" rather than "disk directory".
> (For an Apache2 equivalent, think <Location> instead of <Directory>).
>
> So to re-phrase your question :
> You have a directory in Tomcat, like (tomcat_dir)/webapps/mywebapp/X , and
> you want to
> prevent (all) web users from accessing the content of that sub-directory X.
> Yes ?
>
> If yes, then the best way of achieving this is probably to have this
> directory be outside
> of the Tomcat /webapps/ space (better even, totally outside the Tomcat
> directory tree).
> If you need to access it from Apache2, then you can always use an Alias in
> Apache2.
> E.g.
>
> /var/www/site1/docs/  = Apache2 DocumentRoot
>
> /var/www/tomcat/webapps/ = Tomcat webapps dir
>
> /var/www/temporarios/upload = directory where the files are uploaded
>
> In Apache2 :
>
> Alias /temporarios/ /var/www/temporarios/
> <Directory /var/www/temporarios>
>    .....  (Allow/deny and other things) ...
> </Directory>
>
> In Tomcat : nothing  (Tomcat will not even see this directory, and no Tomcat
> URL can reach
> it).
>
> If your Tomcat webapp needs to read/write there, then you decide that inside
> your Tomcat
> webapp.(And you give the Apache and the Tomcat user the appropriate user-id
> & permissions
> to read/write there).
>
>


Re: Please somebody can translate this configuration in tomcat form for server.xml or another xml config file?

Posted by André Warnier <aw...@ice-sa.com>.
Luciano Andress Martini wrote:
> I need to do this in tomcat6:
> Apache2 form:
> <Directory /var/www/temporarios/upload_contracheque>
>                 Order allow,deny
>                 deny from all
> </Directory>
> 

I think that you are again not very clear, but I will try to guess.

There is no direct equivalent of the above in Tomcat, because Tomcat works on the base of 
"context" rather than "disk directory".
(For an Apache2 equivalent, think <Location> instead of <Directory>).

So to re-phrase your question :
You have a directory in Tomcat, like (tomcat_dir)/webapps/mywebapp/X , and you want to 
prevent (all) web users from accessing the content of that sub-directory X. Yes ?

If yes, then the best way of achieving this is probably to have this directory be outside 
of the Tomcat /webapps/ space (better even, totally outside the Tomcat directory tree).
If you need to access it from Apache2, then you can always use an Alias in Apache2.
E.g.

/var/www/site1/docs/  = Apache2 DocumentRoot

/var/www/tomcat/webapps/ = Tomcat webapps dir

/var/www/temporarios/upload = directory where the files are uploaded

In Apache2 :

Alias /temporarios/ /var/www/temporarios/
<Directory /var/www/temporarios>
   .....  (Allow/deny and other things) ...
</Directory>

In Tomcat : nothing  (Tomcat will not even see this directory, and no Tomcat URL can reach 
it).

If your Tomcat webapp needs to read/write there, then you decide that inside your Tomcat
webapp. (And you give the Apache and the Tomcat user the appropriate user-id & permissions
to read/write there).




Re: Please somebody can translate this configuration in tomcat form for server.xml or another xml config file?

Posted by "Mark H. Wood" <mw...@IUPUI.Edu>.
On Fri, Jan 27, 2012 at 01:34:30PM +0100, Thomas Rohde wrote:
> On 27.01.2012 13:23, Luciano Andress Martini wrote:
> > I need to do this in tomcat6:
> > Apache2 form:
> > <Directory /var/www/temporarios/upload_contracheque>
> >                  Order allow,deny
> >                  deny from all
> > </Directory>
> You need to define a Remote Address Filter for your Context, Host or
> Engine. See 
> http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote_Address_Filter 
> for more details.
> 
> I think
> 
> <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny=".*"/>
> 
> should work for you.

No, I think that just denies access to the entire Context, Host, or
Engine from clients at any address.  The HTTPD config fragment above
keeps all clients out of a single directory (and its subdirectories,
unless overridden by another Directory element).

-- 
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
Asking whether markets are efficient is like asking whether people are smart.

Re: Please somebody can translate this configuration in tomcat form for server.xml or another xml config file?

Posted by Luciano Andress Martini <77...@gmail.com>.
<Valve className="org.apache.catalina.valves.RemoteAddrValve" deny=".*"/>

Where do I specify the directory?


2012/1/27, Thomas Rohde <tr...@ordix.de>:
>
>
> On 27.01.2012 13:23, Luciano Andress Martini wrote:
>> I need to do this in tomcat6:
>> Apache2 form:
>> <Directory /var/www/temporarios/upload_contracheque>
>>                  Order allow,deny
>>                  deny from all
>> </Directory>
>>
>>
>> Thank you friends!
>>
>>
>>
> You need to define a Remote Address Filter for your Context, Host or
> Engine. See
> http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote_Address_Filter
> for more details.
>
> I think
>
> <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny=".*"/>
>
> should work for you.
>
> Thomas
>
>


Re: Please somebody can translate this configuration in tomcat form for server.xml or another xml config file?

Posted by Thomas Rohde <tr...@ordix.de>.

On 27.01.2012 13:23, Luciano Andress Martini wrote:
> I need to do this in tomcat6:
> Apache2 form:
> <Directory /var/www/temporarios/upload_contracheque>
>                  Order allow,deny
>                  deny from all
> </Directory>
>
>
> Thank you friends!
>
>
>
You need to define a Remote Address Filter for your Context, Host or
Engine. See 
http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote_Address_Filter 
for more details.

I think

<Valve className="org.apache.catalina.valves.RemoteAddrValve" deny=".*"/>

should work for you.

Thomas

