A common practice is to use a Java application server such as Tomcat in conjunction with an HTTP Web server such as Apache HTTP Server. You can set up application so that Tomcat handles only those requests that involve Java processing, while Apache handles all images, stylesheets, and HTML files.

If you are doing this, you need to map the following URL patterns to the Tomcat server. You would put these mappings into Apache's configuration file, httpd.conf, or the Apache-Tomcat Connector's configuration file, workers2.properties. Please refer to the Apache-Tomcat Connector's documentation for complete instructions. Information is available at http://jakarta.apache.org/tomcat/connectors-doc.

These are the patterns that SoftSlate Commerce needs to use for requests involving Java processing.

If you are using a Web server to handle non-Java requests, another critical configuration step is to prevent access to the WEB-INF directory. That directory holds a number of files that, if exposed to outside users, would compromise security.

Here is an example of a directive for Apache to prevent access to the WEB-INF directory. This example assumes that you have installed SoftSlate Commerce in a directory named /var/www/html. (Replace that with the corresponding directory on your server.) You would place this directive in the appropriate place in Apache's configuration file, httpd.conf.

<Directory /var/www/html/softslate/WEB-INF/>
  AllowOverride None
  Deny from all
</Directory>