Hide or protect directories by name / url-pattern

Posted By:   Mario_Winterer
Posted On:   Thursday, January 13, 2005 05:34 AM

I'm running a Tomcat webserver and want to hide certain directories within a web application from browsers, similar to the WEB-INF directory, which is hidden by default.


Example: Hide all directories named "resources", also those within subdirectories.


Note: One possibility would be implementing some kind of "ResourceAccessFilter" that is mapped against everything ("/*") and blocks every request that matches a certain regular expression (that can be configured in web.xml).


Is this solution secure? Can a "hacker" circumvent the regular expression by manipulating the request-url (e.g. by hexadecimal encoding, e.g.: ".../%72equest/...")?


Are there better (maybe built-in) solutions?


Thanx,

  Tex
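
An added example, not part of the original post or of Tomcat's own code: one way to write the filter described above so that the percent-encoding question does not arise, by matching on the path the container has already decoded rather than on the raw request URI. It assumes the `javax.servlet` API and a hypothetical `hiddenNames` init-param, and it compares whole path segments instead of applying a regular expression.

```java
import java.io.IOException;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example. Map to /* in web.xml; "hiddenNames" is a hypothetical init-param.
public class ResourceAccessFilter implements Filter {
    private final Set<String> hidden = new HashSet<String>();

    public void init(FilterConfig cfg) {
        String names = cfg.getInitParameter("hiddenNames"); // e.g. "resources"
        if (names != null) {
            for (String n : names.split(",")) {
                if (!n.trim().isEmpty()) hidden.add(n.trim().toLowerCase(Locale.ROOT));
            }
        }
    }

    // Pure check on an already-decoded path, so it can be unit-tested without a container.
    static boolean isHidden(String decodedPath, Set<String> hidden) {
        for (String segment : decodedPath.split("/")) {
            if (hidden.contains(segment.toLowerCase(Locale.ROOT))) return true;
        }
        return false;
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        // getServletPath()/getPathInfo() are decoded by the container;
        // getRequestURI() is the raw, still-encoded string and must not be matched.
        String path = http.getServletPath();
        if (http.getPathInfo() != null) path += http.getPathInfo();
        if (isHidden(path, hidden)) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        chain.doFilter(req, res);
    }

    public void destroy() { }
}
```

With the default REQUEST-only dispatch of a filter mapping, server-side forwards and includes can still reach the hidden directories, which matches how WEB-INF behaves.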


Re: Hide or protect directories by name / url-pattern

Posted By:   Christopher_Koenigsberg  
Posted On:   Saturday, January 15, 2005 07:43 AM

Why not just use WEB-INF?