Discussion:
apache httpd 2.4.6: unexpected order of processing of authorization directives
a***@gmail.com
2016-08-31 06:38:18 UTC
I have Tomcat sitting behind Apache and the webapp has to be accessed through
https. I want Tomcat to deal with requests that specify a JSP file and Apache
itself to handle requests for static files. But the static files are
scattered in the webapp's directory tree (this is bad, but I can't fix it
for a while). So, I have set this up roughly as follows:

In file ssl.conf:

<VirtualHost _default_:443>

ProxyPassMatch "/myWebApp/(.*\.jsp)$" "ajp://localhost:8009/myWebApp/$1"

<LocationMatch "/myWebApp/WEB-INF/">
Require all denied
LogMessage "attempted to access restricted area (LocationMatch)"
</LocationMatch>

<DirectoryMatch "/real-path-to/myWebApp/WEB-INF/">
Require all denied
LogMessage "attempted to access restricted area (DirectoryMatch)"
</DirectoryMatch>

<Location "/myWebApp">
SSLRequireSSL
SSLOptions +StrictRequire +FakeBasicAuth +ExportCertData +OptRenegotiate
SSLCipherSuite ...
...
Require valid-user
LogMessage "attempted to access myWebApp"
</Location>

</VirtualHost>

I tried accessing the webapp and things worked but I expected to be denied
access to "https://<host>/myWebApp/WEB-INF/web.xml" but that was granted!
I looked in the error log (those LogMessage directives write to it) and
discovered that the *Match directives were consulted too LATE (after
<Location "/myWebApp"> was processed) to deny access to the said file.
I initially tried only the LocationMatch directive and later tried
DirectoryMatch too, but neither one succeeded in denying access to the file.

So, can anybody be kind enough to tell me what I am doing wrong?
a***@gmail.com
2016-08-31 06:52:10 UTC
Oops, I forgot to quote the relevant Alias definition in the ssl.conf:

Alias /myWebApp/ /real-path-to/myWebApp/
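
Added example, not part of the original posts: httpd merges all <Directory> and <DirectoryMatch> sections before any <Location> or <LocationMatch> section, and merges the latter two in the order they appear in the configuration, so with the default "AuthMerging Off" the last matching section that carries a Require replaces the earlier ones. Below is the posted configuration with the WEB-INF deny moved after the broad <Location>; the "^" anchor is an addition here, and the SSL and authentication directives elided in the post are assumed unchanged.

```apache
<VirtualHost _default_:443>

    Alias /myWebApp/ /real-path-to/myWebApp/
    ProxyPassMatch "/myWebApp/(.*\.jsp)$" "ajp://localhost:8009/myWebApp/$1"

    # Broad rule first: every request under /myWebApp needs an
    # authenticated user. Because this section used to come last,
    # its Require replaced the earlier "Require all denied".
    <Location "/myWebApp">
        SSLRequireSSL
        # (remaining SSL and authentication directives from the post go here)
        Require valid-user
        LogMessage "attempted to access myWebApp"
    </Location>

    # Narrow deny last: Location and LocationMatch sections are merged
    # in file order, so this Require now overrides "valid-user" for
    # anything under WEB-INF. The leading ^ keeps the pattern from
    # matching the same string in the middle of some other URL path.
    <LocationMatch "^/myWebApp/WEB-INF/">
        Require all denied
        LogMessage "attempted to access restricted area (LocationMatch)"
    </LocationMatch>

    # A DirectoryMatch deny cannot win here whatever its position:
    # Directory-type sections are merged before Location-type sections,
    # so the Require in <Location "/myWebApp"> always replaces it.

</VirtualHost>
```

After reloading httpd, a request for /myWebApp/WEB-INF/web.xml should return 403, and the error log should show the LocationMatch message after the Location one.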
