I have a new web server running Tomcat and serving jsp pages on a RedHat9
box.

I am new to web technologies and have been reviewing the access logs daily.
I find several attempts in the logs to run root.exe, cmd.exe, and various
scripts. What I have seen so far appear to be attempts against IIS which I
am not running. But with each request the server has to respond with 404
and 500 codes and reply traffic of various sizes. I saw one posting on
Google where repeated requests for "default.ida" shut down the site because
of the reply traffic.

I could find on Google that for Apache a file called htaccess could have
commands to trap requests but elsewhere it said that Tomcat doesn't use
htaccess, but I can't find what it does instead.

So I am hoping Tomcat has a method to let me trap strings like "default.ida"
or "root.exe" and just drop them to a black hole before the server is
requested to service the request.

I was also wondering if in the same method or another I could specifically
list html, jsp, and graphics that I will service and drop all others.

Thanks,

Larry Nobs




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)