You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/12/09 19:28:45 UTC
DO NOT REPLY [Bug 25367] New: -
SECURITY requests for jsp pages bypass apache AuthUserFile directive
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25367>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25367
SECURITY requests for jsp pages bypass apache AuthUserFile directive
Summary: SECURITY requests for jsp pages bypass apache
AuthUserFile directive
Product: Tomcat 4
Version: 4.1.18
Platform: PC
OS/Version: Linux
Status: NEW
Severity: Major
Priority: Other
Component: Connector:JK/AJP (deprecated)
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: jks@iname.com
I have this in my apache config:
<Directory "/local/webapps/wa">
AuthType Basic
AuthName "wa"
AuthUserFile /usr/local/apache2/passwd/wa
require user admins
</Directory>
This will block requests for html files, even /server-status, but not jsps. I'm
using jk connector 1.2.5
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org