Solved

using symlink as virtual directory in Tomcat, can I block directory browsing?

Posted on 2002-07-08
Last Modified: 2013-12-06
I am using a symlink in Tomcat's ROOT directory to create a "virtual directory" without using Apache or another webserver.

So I do the following on Red Hat 7.2:

cd $TOMCAT_HOME/webapps/ROOT
ln -s /repository/assets assets

However, my problem is that a savvy user can enter the following in their browser:  http://myserver.com/assets

and view all the files in this directory.  Is there any way (chmod) with permissions to disable directory browsing?

The other thing I thought we could do would be to change the ROOT application's web.xml to protect these symlink'ed directories.

Thanks,

Matt
0
Question by:mraible
9 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 400 total points
ID: 7139102
Anything that you were to do at the file system level to keep folks from browsing a directory is going to keep the web server from accessing the directory. If you don't want users to see the contents of a directory you have to configure the web server to prevent that access. That's easy enough to do with an Apache server, and I'd guess that something similar should be possible with Tomcat.
0
 
LVL 1

Author Comment

by:mraible
ID: 7139155
That's the problem - I'm not using a webserver to create this virtual directory.  Just a symlink.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 7161149
It is entirely possible that I missed it in the Tomcat documentation, but I don't see any way to limit access to a directory unless Tomcat is running under a Web server. There are one or two things in the FAQ about limitations, but they all reference the use of Apache's config directives.
0
 
LVL 1

Author Comment

by:mraible
ID: 7161197
Apache does run a webserver as part of its package - so it will serve up *.html, *.gif, etc files.
0
 
LVL 1

Author Comment

by:mraible
ID: 7161198
Sorry, I mean Tomcat.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 7161290
Right, I realize that Tomcat can do a number of the things that Apache can do. What seems to be missing in Tomcat is the fine-grained access control that Apache implements. There are two ways to use Tomcat: as a standalone server and running under Apache. The latter method allows for limits to be placed on what clients can see and/or access and is the only way that I saw in the documentation to restrict access.
0
 

Expert Comment

by:CleanupPing
ID: 9088961
mraible:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 9105640
The answer is there, though it probably wasn't what mraible wanted.
0
 
LVL 2

Expert Comment

by:TheWeakestLink
ID: 9485007
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
Accept comments from jlevie as answer
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

TheWeakestLink
EE Cleanup Volunteer
0

Question has a verified solution.