Re: [EMAIL PROTECTED] Block Tomcat's directory listing vulnerability with Directory and regex

2006-12-18 Thread Leo Gil
This is better Redirect / http://foo.com On 12/18/06, Leo Gil <[EMAIL PROTECTED]> wrote: This did the work with Apache. I was trying to get rid of the semicolon but this seems better. AllowOverride None Order deny,allow Deny from all Allow from none Now I have to

Re: [EMAIL PROTECTED] Block Tomcat's directory listing vulnerability with Directory and regex

2006-12-18 Thread Leo Gil
This did the work with Apache. I was trying to get rid of the semicolon but this seems better. AllowOverride None Order deny,allow Deny from all Allow from none Now I have to decide between a tomcat 404 or an apache access denied Thanks again Leo On 12/18/06, Leo Gil <[EM

Re: [EMAIL PROTECTED] Block Tomcat's directory listing vulnerability with Directory and regex

2006-12-18 Thread Leo Gil
Leo On 12/18/06, Nick Kew <[EMAIL PROTECTED]> wrote: On Mon, 18 Dec 2006 18:26:06 -0500 "Leo Gil" <[EMAIL PROTECTED]> wrote: > Hi all, > > I have been trying to block the Tomcat directory listing vulnerability > using Apache's Directory with no success.

[EMAIL PROTECTED] Block Tomcat's directory listing vulnerability with Directory and regex

2006-12-18 Thread Leo Gil
Hi all, I have been trying to block the Tomcat directory listing vulnerability using Apache's Directory with no success. Has anyone been able to fix that? We can't upgrade Tomcat as recommended by the CVE, and that flaw is also present on versions above 5.5.17 Here is the vulnerability: http://