Sk8erPeter's questions

I have some security concerns about my IIS websites.
From PHP-files (FastCGI) on our server the scripts are able to read my system's root directory (c:\), but even list the content of c:\windows. What is more troublesome that I can even create directories in the root like this: mkdir('c:\asdasd');, and it works without any problems; I can even read the other websites' directories (so actually maybe I could map the whole system's directory tree from a PHP script). I think that's a huge security problem. Noone should be able to read or write c:\, or other hosted website's content.

I know there's the open_basedir directive in PHP, but I think setting this directive doesn't solve the problem as I could also use any other server languages to access the same mentioned directories.

The directory tree of my websites look like this:

c:\net\web\php\
   |- website1
      |- other
      |- htdocs
   |- website2
      |- other
      |- htdocs
   |- website3
      |- other
      |- htdocs
   |- ...

The websites' source files are in the htdocs directory, so this is the "root" directory of these websites.
I just want to enable read/write permissions to the first parent directory of the website, like for example c:\net\web\php\website1 (so e.g. "c:\net\web\php\website1\other" could be written, but c:\net\web\php\ should not be).

How can I restrict the access this way?

Thanks!

In Apache, there's a way I can make phpMyAdmin available globally to all VirtualHosts I set up. In Apache, it looks like this:

<IfModule mod_alias.c>
    Alias /phpmyadmin "c:/AppServ/www/phpMyAdmin"
</IfModule>

This way I reach phpmyadmin with prepending /phpmyadmin to all my domain names, and I can see phpmyadmin's initial page. (So for example it works for all my domains like this: http://example_1.com/phpmyadmin, http://example_2.com/phpmyadmin, http://example_3.com/phpmyadmin also does work).

In IIS, there's an "Add Virtual Directory..." option when right clicking on a given site. Here I can set up e.g. phpMyAdmin's path to be reached with prepending /phpmyadmin to the given domain (e.g. http://example_1.com/phpmyadmin), but isn't there a "global" setting similar to Apache's Alias?

Or do I have to add a virtual directory to every given sites one by one?
I'm just curious, it's not a hard work to do it, but I'm interested in it if there exists another method to do it.

Thanks in advance!

In brief:

IIS 7 + Apache Tomcat 7 + isapi_redirect.dll:

I have a deployed and working Tomcat-application available under http://localhost:8080/my_app.
I would like to see the same content under http://my_app.local (and NOT the default Tomcat-site [which you can see below]).
I set up isapi_redirect.dll, so right now my_app.local's content equals to localhost:8080's, but it's not enough, I would like to map localhost:8080/my_app under my_app.local. (I DO have 127.0.0.1 my_app.local in hosts file, so I can already open my_app.local, BUT now it only shows the default Tomcat site (same as available under http://localhost:8080)).

Please read what I have already tried:

Longer explained:

I have IIS 7 (7.5.7600.16385) and Apache Tomcat/7.0.22 installed.

1. I deployed an application (let's call it "my_app") in Tomcat, which now can be reached at http://localhost:8080/my_app, works fine. I added a new web site in IIS panel with the path of the Tomcat deployed my_app, which looks like this: "c:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\my_app"
2. I binded the host name my_app.local.
3. After that, I configured isapi_redirect.dll like this (or that).
4. Now, when I open http://my_app.local, I can see the default Tomcat site (see below), which is the same as the content under http://localhost:8080/!! (That's the problem!!!)
5. BUT under http://my_app.local I would like to see the same content as under http://localhost:8080/my_app.

How can I do that? Thank you very much in advance!!

my config files:

• isapi_redirect.properties (I made a dir junction to c:\tomcat, so this also works :) )
• workers.properties
• uriworkermap.properties
• rewrites.properties (empty)

UPDATE

I found this too: http://tomcat.apache.org/connectors-doc/generic_howto/proxy.html

Case B: You need to hide path components for all requests going to the application. Here's the recipe for the case, where you want to hide the first path component /myapp. More complex manipulations are left as an exercise to the reader. First the solution for the case of Apache httpd:

1. Use mod_rewrite to add /myapp to all requests before forwarding to the backend: [...]
2. Use mod_headers to rewrite any HTTP redirects your application might return. [...]
3. Use mod_headers again, to rewrite the paths contained in any cookies, your application might set. [...]

If you are using Microsoft IIS as a web server, the ISAPI plugin provides a way of doing the first step with a builtin feature. You define a mapping file for simple prefix changes like this:

# Add a context prefix to all requests ...
/=/myapp/
# ... or change some prefix ...
/oldapp/=/myapp/

and then put the name of the file in the rewrite_rule_file entry of the registry or your isapi_redirect.properties file. In your uriworkermap.properties file, you still need to map the URLs as they are before rewriting! [...]
There is no support for Steps 2 (rewriting redirect responses) or 3 (rewriting cookie paths).

I was surprised that it writes "There is no support for Steps 2 (rewriting redirect responses) or 3 (rewriting cookie paths).", I don't know if it's still true, but then what? Am I stuck again?

I'm using Tomcat 7.0.5 (installed with XAMPP 1.7.4) on a Windows XP (virtual machine, if it matters) with JVM version 1.6.0_27-b07.
When I try to upload a WAR file to deploy in Tomcat Web Application Manager ("Select WAR file to upload"), I get the following error message:

Message:    FAIL - File upload failed, no file

I tried to upload two different war-files which do work on another machine (and another server), so I think there's no problem with them.

What can be the possible reasons that lead to this error message?
Thanks in advance!

I'm using XAMPP with Apache HTTP Server and Tomcat Add-On installed.
There's a default mod_jk.conf which is generated by Tomcat when starting it.

1. But which file generates this mod_jk.conf file?
2. How can I modify default values? By default, it looks like this: pastebin - mod_jk.conf.
3. How does Apache HTTP Server reach this file? I can't see any reference to this file when looking into httpd.conf.
4. When I put a VirtualHost in my httpd.conf file, and I put the line JkMount /* ajp13 into it, Apache HTTP Server service can't start (causes a 7024 event id error in Event Viewer (with error code 1, but nothing specific), but puts no error messages into error.log. The VirtualHost looks like this: pastebin - VirtualHost + JkMount. This way Apache HTTP Server can not start. If I comment out the line JkMount /* ajp13, it starts without a problem.

5. BUT if I put the following line, which is the same as in mod_jk.conf, before the mentioned VirtualHost again, the service can start!

   <IfModule !mod_jk.c>
       LoadModule jk_module "C:/xampp/tomcat/xampp/apache/modules/mod_jk.so"
   </IfModule>
   

Why do I have to put this line in again?

Why does that happen, that the http://localhost/example does work, so this query is redirected to AJP13, but I have to put the LoadModule line in again in another file?

EDIT: I don't have a clue why, I surely modified something, but now /example doesn't work either... And the config above gives a 500 Internal Server Error.

I would like to synchronize my local directory content with another local directory on another partition or disk (or e.g. a pendrive).
I can synchronize my local directory content with a remote one (through FTP) with WinSCP, even with keeping remote directory up to date continously, but I don't know any programs that do the same between local directories.
I'm mainly looking for a program for Windows, and it should also be compatible with XP.

Can you help me with this? Thanks in advance.