Solved

using symlink as virtual directory in Tomcat, can I block directory browsing?

Posted on 2002-07-08
9
352 Views
Last Modified: 2013-12-06
I am using a symlink in Tomcat's ROOT directory to create a "virtual directory" without using Apache or another webserver.

So I do the following on Red Hat 7.2:

cd $TOMCAT_HOME/webapps/ROOT
ln -s /repository/assets assets

However, my problem is that a savvy user can enter the following in their browser:  http://myserver.com/assets

and view all the files in this directory.  Is their any way (chmod) with permissions to disable directory browsing?

The other thing I though we could do would be to change the ROOT application's web.xml to protect these symlink'ed directories.

Thanks,

Matt
0
Comment
Question by:mraible
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 100 total points
ID: 7139102
Anything that you were to do at the file system level to keep folks from browing a directory is going to keep the web server from accessing the directory. If you don't want users to see the contents of a directory you have to configure the web server to prevent that access. That's easy enough to do with an Apache server, and I'd guess that something similar should be possible with Tomcat.
0
 
LVL 1

Author Comment

by:mraible
ID: 7139155
that's the problem - I'm not using a webserver to create this virtual directory.  Just a symlink.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 7161149
It is entirely possible that I missed it in the Tomcat documentation, but I don't see any way to limit access to a directory unless Tomcat is running under a Web server. There are one or two things in the FAQ about limitations, but they all reference the use of Apache's config directives.
0
Percona Live Europe 2017 | Sep 25 - 27, 2017

The Percona Live Open Source Database Conference Europe 2017 is the premier event for the diverse and active European open source database community, as well as businesses that develop and use open source database software.

 
LVL 1

Author Comment

by:mraible
ID: 7161197
Apache does run a webserver as part of it's package - so it will server up *.html, *.gif, etc files.
0
 
LVL 1

Author Comment

by:mraible
ID: 7161198
Sorry, I mean Tomcat.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 7161290
Right, I realize that Tomcat can do a number of the things that Apache can do. What seems to be missing in Tomcat is the fine grained access control that Apache implements. There are two ways to use Tomcat. As a standalone server and running under Apache. The later method allows for limits to be placed on what clients can see and/or access and is the only way that I saw in the documentation to restrict access.
0
 

Expert Comment

by:CleanupPing
ID: 9088961
mraible:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 9105640
The answer is ther, though it probably wasn't what mraible wanted.
0
 
LVL 2

Expert Comment

by:TheWeakestLink
ID: 9485007
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
Accept comments from jlevie as answer
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

TheWeakestLink
EE Cleanup Volunteer
0

Featured Post

Get proactive database performance tuning online

At Percona’s web store you can order full Percona Database Performance Audit in minutes. Find out the health of your database, and how to improve it. Pay online with a credit card. Improve your database performance now!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
You ever wonder how to backup Linux system files just like Windows System Restore?  Well you can use Timeshift in Linux to perform those similar action.  This tutorial will show you how to backup your system files and keep regular intervals. Note…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question