{"id":328,"date":"2003-03-24T21:21:16","date_gmt":"2003-03-25T01:21:16","guid":{"rendered":"http:\/\/wordpress.cephas.net\/?p=328"},"modified":"2003-03-24T21:21:16","modified_gmt":"2003-03-25T01:21:16","slug":"web-inf-directory-security","status":"publish","type":"post","link":"https:\/\/cephas.net\/blog\/2003\/03\/24\/web-inf-directory-security\/","title":{"rendered":"WEB-INF directory security"},"content":{"rendered":"<p>Thanks to <a href=\"http:\/\/www.magrathea.com\/~mch\/\">Maia<\/a> for pointing out that my WEB-INF directory on <a href=\"http:\/\/www.karensrecipes.com\/\">karensrecipes.com<\/a> and other JSP-based sites was accessible. I was under the (incorrect) impression that Tomcat didn&#8217;t allow requests to the WEB-INF directory by default, but apparently it&#8217;s something you have to set up in Apache, specifically: <\/p>\n<p>&lt;Location &quot;\/WEB-INF\/&quot;&gt;<br \/>\n&nbsp;&nbsp;&nbsp;AllowOverride None<br \/>\n&nbsp;&nbsp;&nbsp;deny from all<br \/>\n&lt;\/Location&gt;<\/p>\n<p>Covalent has an excellent support document on <a href=\"http:\/\/www.covalent.net\/support\/docs\/faststart\/3.0.0\/productguide\/html\/tomcat4.html\">properly setting up your Apache and Tomcat installation<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Thanks to Maia for pointing out that my WEB-INF directory on karensrecipes.com and other JSP-based sites was accessible. 
I was under the (incorrect) impression that Tomcat didn&#8217;t allow requests to the WEB-INF directory by default, but apparently it&#8217;s something you have to set up in Apache, specifically: &lt;Location &quot;\/WEB-INF\/&quot;&gt; &nbsp;&nbsp;&nbsp;AllowOverride None &nbsp;&nbsp;&nbsp;deny from all &lt;\/Location&gt; &hellip; <a href=\"https:\/\/cephas.net\/blog\/2003\/03\/24\/web-inf-directory-security\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">WEB-INF directory security<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[],"_links":{"self":[{"href":"https:\/\/cephas.net\/blog\/wp-json\/wp\/v2\/posts\/328"}],"collection":[{"href":"https:\/\/cephas.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cephas.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cephas.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cephas.net\/blog\/wp-json\/wp\/v2\/comments?post=328"}],"version-history":[{"count":0,"href":"https:\/\/cephas.net\/blog\/wp-json\/wp\/v2\/posts\/328\/revisions"}],"wp:attachment":[{"href":"https:\/\/cephas.net\/blog\/wp-json\/wp\/v2\/media?parent=328"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cephas.net\/blog\/wp-json\/wp\/v2\/categories?post=328"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cephas.net\/blog\/wp-json\/wp\/v2\/tags?post=328"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}