1 Reply Latest reply on Mar 25, 2006 8:10 AM by starksm64

    Security: avoid a user to navigate through JBoss directory s

    ogomez

      Hi guys,

      I'm using JBoss to deploy some applications, and i would like to know how i can configure Jboss in order to avoid that a user could access Jboss directory structure (and all of my PC directory structure ) just typing an URL in the address bar in the, for example, Internet Explorer, in order to increase my application server security access.

      Waiting for your news asap

      Best regards



        • 1. Re: Security: avoid a user to navigate through JBoss directo
          starksm64

          Disable directory listings by setting the jbossweb-tomcat55.sar/conf/web.xml default servlet listings param to false:

           <servlet>
           <servlet-name>default</servlet-name>
           <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
           <init-param>
           <param-name>debug</param-name>
           <param-value>0</param-value>
           </init-param>
           <init-param>
           <param-name>listings</param-name>
           <param-value>false</param-value>
           </init-param>
           <load-on-startup>1</load-on-startup>
           </servlet>