403 Forbidden error

nicksnels

Active Member
#1
Hi,

I'm trying to create a virtual host to access files in my Tomcat webapps folder in Litespeed 3.1.1. So far I have made a script handler for jsp files (although there are no jsp files involved) and I have made the following context:

Java Web App
URI: /
Location: $VH_ROOT/
Servlet Engine: [Server Level]: Tomcat AJP, which is essentially a servlet engine on address localhost:8009

Everything works fine when I access it directly on Tomcat. When I go to the virtual host I can access images, directories with sound files, html and js files. The only thing I can't access is a folder defined in the web.xml file in the WEB-INF folder. When I try to access it I get a 403 Forbidden error. I can however access it directly on Tomcat. I have already tried many different configurations and none of them are working. I don't really know how to pinpoint the error: is it Tomcat, AJP, the Litespeed config or the servlet? Hope you can help me out. Thanks.

Kind regards,

Nick
 

mistwang

LiteSpeed Staff
#2
Access to the WEB-INF directory is blocked internally by LSWS for security reasons. I think it is less desirable to expose the configuration file and other servlet class objects.

Anything that needs to be accessed directly via HTTP should be stored outside of that directory. I strongly suggest that, even when you are not using LiteSpeed. ;)
 
#3
Thanks for the reply. It is an application that is not written by me, so it would be hard(er) to change it. I will provide some more details, so a solution is possible.

In the WEB-INF folder there is a file called web.xml with the following content:

Code:
<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>

    <!-- General description of your web application -->

    <display-name>An HTTP Binding Gateway to Jabber</display-name>
    <description>
      An implementation of JEP-0124 (HTTP-Binding). See
      http://www.jabber.org/jeps/jep-0124.html for details.
    </description>

    <context-param>
      <param-name>author</param-name>
      <param-value>xxx</param-value>
      <description>
        The EMAIL address of the author to whom questions
        and comments about this application should be addressed.
      </description>
    </context-param>

     <servlet>
        <servlet-name>Jabber HTTP Binding Servlet</servlet-name>
        <servlet-class>org.jabber.JabberHTTPBind.JHBServlet</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>Jabber HTTP Binding Servlet</servlet-name>
        <url-pattern>/JHB/</url-pattern>
    </servlet-mapping>

    <session-config>
      <session-timeout>30</session-timeout>    <!-- 30 minutes -->
    </session-config>

</web-app>

This makes sure that when Tomcat is started, I can access a bunch of class files that are in WEB-INF/classes as
Code:
http://localhost:8080/chat/JHB/
Is it possible to access these files by using a proxy, ... or can I circumvent the security in LSWS or can I put these files elsewhere? Any help is very welcome. Thanks.

Kind regards,

Nick
 

mistwang

LiteSpeed Staff
#4
I think you should use URI: /chat/ when you create the Java Web App context.
You can have LiteSpeed proxy to backend tomcat as well.
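
The kind of front-end check discussed in this thread, as an added example that is not LiteSpeed's code and not from any poster: it canonicalizes a request path and refuses anything that resolves into WEB-INF or META-INF, while the servlet URL /chat/JHB/ passes because it is a mapping, not a file path. The function names, the decode limit and the sample paths are assumptions constructed for the example.

```python
import posixpath
from urllib.parse import unquote

# Directories the Servlet specification keeps private inside a web app.
PROTECTED = {"web-inf", "meta-inf"}
MAX_DECODE_ROUNDS = 5  # assumption for this example, not an LSWS setting


def normalize(raw_path: str) -> str:
    """Return the canonical path for a request URI, or raise ValueError."""
    path = raw_path.split("?", 1)[0].split("#", 1)[0]
    # Decode until stable so double-encoded input (%2557EB-INF) is resolved.
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        raise ValueError("too many layers of percent-encoding")
    if any(ord(ch) < 32 for ch in path):
        raise ValueError("control character in path")
    path = path.replace("\\", "/")
    # Drop path parameters such as ";jsessionid=..." from every segment.
    segments = [seg.split(";", 1)[0] for seg in path.split("/")]
    # normpath collapses "//", "." and ".." (it never climbs above "/").
    return posixpath.normpath("/" + "/".join(segments).lstrip("/"))


def is_blocked(raw_path: str) -> bool:
    """True if the request targets WEB-INF or META-INF; fails closed on bad input."""
    try:
        segments = normalize(raw_path).split("/")
    except ValueError:
        return True
    # Compare whole segments, case-insensitively; trailing dots and spaces
    # are stripped because some filesystems ignore them.
    return any(seg.lower().rstrip(". ") in PROTECTED for seg in segments)


# Constructed sample requests; /chat/JHB/ is the servlet mapping from the thread.
SAMPLES = ["/chat/JHB/", "/chat/index.html", "/chat/WEB-INF/web.xml",
           "/chat/%57EB-INF/web.xml", "/chat/images/../web-inf/classes/"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print("403" if is_blocked(sample) else "pass", sample)
```
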
 
#5
Depending on configuration, I could not tell you which though, I am getting 403 and 400 alternatingly. Tried with different encodings, without the BOM etc, going via file. I did get it to work once, reading the example from the link above from and sending that. But it does not anymore.
 