anyone knows how to disable http methods such as put, delete on the jboss web server 7.0?
RewriteCond %{REQUEST_METHOD} ^(PUT|DELETE|TRACE|OPTIONS)$ [NC] is used for jboss6, but how can do on jboss7
Just add <security-constraint> to web.xml
see for example Whitelist security constraint in web.xml
Related
I already created a custom 404 page inside my web app deployed in JBoss AS 7.1.
So if my app is at fubar dot com :8080/Myapp and I go to fubar dot com :8080/Myapp/xyzzy, I get the custom error page (defined in the web app's web.xml file).
However, when I go to fubar dot com :8080/xyzzy, JBoss displays the default 404 page which discloses that it's JBoss and which JBoss version.
I need to replace this page in order to hide this information.
Please advise.
If you want to customize the error pages for all the other contexts in JBoss 7, a part of the configuration you have in your Myapp application, you'll also have:
to disable JBoss welcome page: in the file standalone/configuration/standalone.xml (or domain/configuration/domain.xml), set the attribute enable-welcome-root as false (by default it's true)
Then you'll have to deploy a simple war file setting its context-root to '/', and define the error page for this war (using the same method you've used for Myapp). So, the war structure should be similar to (the error.war name is arbitrary):
error.war
|
|- META-INF
|- WEB-INF
| |
| |- web.xml
| |- jboss-web.xml
|
|- error
|- 404.html
where The web.xml file is:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>yourcompanyname</display-name>
<error-page>
<error-code>404</error-code>
<location>/error/404.html</location>
</error-page>
</web-app>
And in the jboss-web.xml define the context-root as '/', so it would be:
<jboss-web>
<context-root>/</context-root>
</jboss-web>
The file 404.html is your customized html error page that Jboss will show instead of the 404 default error. That's all, deploy this application in JBoss 7, and you'll have your custom 404 error page when you'll visit fubar dot com:8080/yzyqqa or whatever other root context. Remember that you'll have to keep the error configuration in your Myapp web.xml as well (and in all the other applications you may the deploy in the server).
By the way, have you considered making your app Myapp accessible directly from fubar dot com:8080? Or even better, making the jboss server only accessible from a proxy (for example Apache)?.This way you'd avoid this problem as well.
I hope it helps!
Your problem : You defined the custom error page in web.xml of Myapp. Now if you access any resource with root as Myapp and the request throws a 404 it returns the custom error page.
Now you want that if you access any other root , here xxyzzzz you want to return the custom error page.
Now logically, if you configured a file for other project you cant expect it to be same for other project
Unless
either you configure the same thing for other project , i.e. xxxyzzz as well. i.e. place the 404 config in its web.xml aswell.
or you need to do something at the server scope.
the 1st solution is fairly simple and easy in case there are less number of projects and you not expecting a URL that does not match any of the project.
if you want to go with 1st solution, you know how to do it
Regarding the 2nd approach.
I could find some posts that should be helpful to you
refer these
with jboss as7, the custom of global web.xml is gone.
I could find only one way to configure a global 404 error page. refer here. IT WORKS :D
Custom error pages in Apache for JBoss AS7
I believe you will have to create your own page. JBoss uses Tomcat for serving the web requests.
In Tomcat the way to define your own 404 response page is having the following snippet in your web.xml
(Ref - http://wiki.apache.org/tomcat/FAQ/Miscellaneous#Q6)
<error-page>
<error-code>404</error-code>
<location>/error/404.html</location>
</error-page>
A detailed page on how to do this with struts is created by mykong # http://www.mkyong.com/struts/how-to-handle-404-error-in-struts/.
If you are using any other framework than struts you should have a equivalent.
In this gwt web says to place a *.htaccess config file like this to avoid caching main javascript gwt application.
<Files *.nocache.*>
ExpiresActive on
ExpiresDefault "now"
Header merge Cache-Control "public, max-age=0, must-revalidate"
</Files>
<Files *.cache.*>
ExpiresActive on
ExpiresDefault "now plus 1 year"
</Files>
Is there a way to do the same with Jetty ? (whithout needing to use httpd jetty module)
This answer shows how to disable/enable caching for all files served with Jetty:
How to prevent caching of static files in embedded Jetty instance?
I think to set up custom caching settings for individual files (e.g. nocache), one must use a filter and set the headers manually in the HttpResponseObject for files matching the request URI such as described here:
Servlet filter for browser caching?
Problem definition:
We have a public facing tomcat which we wish to single password protect a webapp on the prodution facing tomcat only. This can be done by adding a new user & role to the production tomcat-users.xml and adding the corresponding and sections to the webapps WEB-INF/web.xml
The problem is, because you have to change the actually webapp, it means the developers using eclipse cant access the site, unless they remove the lines and remember to re-apply them before releasing. It is not possible to edit the eclipse tomcats tomcat-users.xml (found in workspace/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf as it gets overwritten when you stop/start tomcat.
Question:
Is there any other way of doing authentication only on the server, or alternately a way of getting the user into eclipses tomcat?
Below is what went into the web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>
Entire Application
</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>gamer</role-name>
</auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Invigation only</realm-name>
</login-config>
One brute-force solution would be to add the needed things into web.xml during the final build process using a script. It isn't clean, and I'm sure there are better ways, but it eliminates the developer pain point.
Hello
I wanted to upload my web project done with zend framework on my ftp server.
I have uploaded it to the public_html/projects/myproject directory (I uploaded whole folder structure, directories: application, docs, library, Obsolete, public, scripts, tests, Zend).
Now if I type www.mydomain.com/projects/myproject I see all these folders.
If I want to run project I have to type www.mydomain.com/projects/myproject/public
I am not really surprised with that because it's exactly what I could expect, but I don't know how to make all folders other than public inaccessible and I would like to run my project after www.mydomain.com/projects/myproject...
What should I do to achieve this goal?
Greetings!
You will have to put htaccess files in the root, projects and myproject directories to disallow access. I don't know it by hand but it should be
deny all
Then in your apache config, might be a file named sites-enabled, there you should only need to add the directory config to the default host, e.g.:
<virtualhost foobar:80>
some crap here
some more crap
<Directory /projects/myproject/public>
Options -Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</virtualhost>
That should make your site work.
Remember to add the following to your project's htaccess file:
RewriteBase /projects/myproject
Hope that helps.
I have my joomla in http://project/ and now I want to have http://project/zf-project/
What httaccess should I use? And what changes in the code?
I have done this by
Not changing the ZF .htaccess
Putting my ZF public files inside /public/zf-project instead of /public this includes putting the ZF .htaccess file in /public/zf-project
Doing this worked fine for me without having to change anything else. Have you tried this?
EDIT
You could try adding to your Joomla .htaccess
RewriteRule ^(zf-project) - [L]
After the line which reads
RewriteEngine On
You can use the following .htaccess. It will work in subdirectories:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ index.php [NC,L]
Remember that you must apply baseUrl to your links, css files etc. This is necessary to include the sub-directory as a prefix to your urls.
Some of the classes in ZF already does that like the Url view helper.