Solved

using symlink as virtual directory in Tomcat, can I block directory browsing?

Posted on 2002-07-08
Last Modified: 2013-12-06
I am using a symlink in Tomcat's ROOT directory to create a "virtual directory" without using Apache or another webserver.

So I do the following on Red Hat 7.2:

cd $TOMCAT_HOME/webapps/ROOT
ln -s /repository/assets assets

However, my problem is that a savvy user can enter the following in their browser:  http://myserver.com/assets

and view all the files in this directory.  Is there any way (chmod) with permissions to disable directory browsing?

The other thing I thought we could do would be to change the ROOT application's web.xml to protect these symlink'ed directories.

Thanks,

Matt
Question by:mraible
9 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 100 total points
ID: 7139102
Anything that you were to do at the file system level to keep folks from browsing a directory is going to keep the web server from accessing the directory. If you don't want users to see the contents of a directory you have to configure the web server to prevent that access. That's easy enough to do with an Apache server, and I'd guess that something similar should be possible with Tomcat.
0
 
LVL 1

Author Comment

by:mraible
ID: 7139155
That's the problem - I'm not using a webserver to create this virtual directory.  Just a symlink.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 7161149
It is entirely possible that I missed it in the Tomcat documentation, but I don't see any way to limit access to a directory unless Tomcat is running under a Web server. There are one or two things in the FAQ about limitations, but they all reference the use of Apache's config directives.
0
 
LVL 1

Author Comment

by:mraible
ID: 7161197
Apache does run a webserver as part of its package - so it will serve up *.html, *.gif, etc. files.
0

 
LVL 1

Author Comment

by:mraible
ID: 7161198
Sorry, I mean Tomcat.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 7161290
Right, I realize that Tomcat can do a number of the things that Apache can do. What seems to be missing in Tomcat is the fine-grained access control that Apache implements. There are two ways to use Tomcat: as a standalone server and running under Apache. The latter method allows for limits to be placed on what clients can see and/or access and is the only way that I saw in the documentation to restrict access.
0
 

Expert Comment

by:CleanupPing
ID: 9088961
mraible:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 9105640
The answer is there, though it probably wasn't what mraible wanted.
0
 
LVL 2

Expert Comment

by:TheWeakestLink
ID: 9485007
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
Accept comments from jlevie as answer
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

TheWeakestLink
EE Cleanup Volunteer
0
