Changeset 26576


Ignore:
Timestamp:
12/12/12 14:56:32 (8 years ago)
Author:
ak19
Message:

Deny access to the Greenstone 3 log files, with greenstone.log particularly in mind. The change is made to web.xml, which will make it easier for users to choose to allow public access to these logs if they want to share the contents with the mailing list were they to encounter any GS3 problems.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • main/trunk/greenstone3/web/WEB-INF/web.xml

    r26517 r26576  
    409409  </mime-mapping>
    410410
    411 <!-- Deny access to contents of URL pattern /usersDB/*
    412 It appears the url pattern has to be relative to the web directory (a url-pattern of /usersDB/* is insufficient), so this may need to be done for all sites.
     411<!-- Deny access to contents of URL pattern /logs/*, although greenstone.log is the important one. It appears the url pattern has to be relative to the web directory.
    413412http://stackoverflow.com/questions/5333266/tomcat-deny-access-to-specific-files
    414413and http://www.coderanch.com/t/84442/Tomcat/write-correct-url-pattern-security -->
    415414  <security-constraint>
    416415    <web-resource-collection>
    417         <web-resource-name>usersDB files</web-resource-name>
    418         <description>No direct access to usersDB files.</description>
    419         <url-pattern>/sites/localsite/etc/usersDB/*</url-pattern>
    420     <!--<url-pattern>/usersDB/*</url-pattern>-->
     416        <web-resource-name>log files</web-resource-name>
     417        <description>No direct access to greenstone's logs.</description>
     418        <url-pattern>/logs/*</url-pattern>
    421419        <http-method>POST</http-method>
    422420        <http-method>GET</http-method>
    423421    </web-resource-collection>
    424422    <auth-constraint>
    425         <description>No direct browser access to usersDB files.</description>
     423        <description>No direct browser access to log files.</description>
    426424        <role-name>NobodyHasThisRole</role-name>
    427425    </auth-constraint>
Note: See TracChangeset for help on using the changeset viewer.