You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by David Gillman <da...@flomerics.co.uk> on 2003/01/15 14:15:30 UTC

jsp pages being served despite apache access restrictions

I am using apache 2.0.40, tomcat 4.1.10 and mod_jk2 2.0.1

I want to restrict access to a certain directory on my site - Simple.  So I
add a directory directive to my virtual host directive.  This works fine for
my static content.  Obviously I want all my jsp pages sent to tomcat for
processing so I have created the neccessary workers and added a Location
directive to my virtual host directive.

However this is resulting in the jsp page being processed and returned to
the user without them being prompted for authorization.  i.e. it seems
apache is passing off the request to tomcat before checking if the directory
is restricted.  My understanding is that that directory directive should get
processed before the location one.

Any ideas how to get this to work correctly?

Here is my workers2.properties and the relavent section of my httpd.conf

# Define the communication channel
[channel.socket:localhost:8009]
info=Ajp13 forwarding over socket
tomcatId=localhost:8009

# define the worker
[ajp13:localhost:8009]
channel=channel.socket:localhost:8009

# Map the Tomcat examples webapp to the Web server uri space
[uri:/examples/*]
info=Map the whole webapp

# Use a location directive in httpd.conf instead
# [uri:/*.jsp]
# info=Map all jsp pages

# Shared memory handling. Needs to be set.
[shm]
file=/usr/local/live_apache/logs/shm.file
size=1048576




<VirtualHost *>
    ServerAdmin webmaster@foo.com
    DocumentRoot /home/httpd/www/foo.com/html
    ServerName foo.com
    ErrorLog     /home/httpd/www/foo.com/logs/error_log
    CustomLog    /home/httpd/www/foo.com/logs/access_log combined

        <Directory /home/httpd/www/foo.com/html/update_tool>
        Options FollowSymLinks
        AuthType Basic
        AuthName "foo.com"
        AuthUserFile /home/httpd/www/foo.com/admin/users
        require valid-user
        </Directory>
<Location "/*.jsp">
  JkUriSet worker ajp13:localhost:8009
</Location>
</VirtualHost>


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>