1 Reply Latest reply on Sep 21, 2018 11:23 AM by dwiardiirawan

    Prevent exposed web.xml under WEB-INF

    dwiardiirawan
    dwiardiirawan Sep 21, 2018 11:23 AM

      Hi All,

       

      I have an issue regarding wildfly exposing my web.xml through internet.

      my directory structure

      src

      ---main

           ---webapp

                ---WEB-INF

                          ---web.xml

       

      when I try to access directly www.example.com/WEB-INF/web.xml, it show the context of the web.xml

      is there any configuration we can do to prevent this?

       

       

      thank you

      Dwi Ardi Irawan

      • 185 Views
      • Tags:
        • 1. Re: Prevent exposed web.xml under WEB-INF
          ctomc
          ctomc Sep 21, 2018 11:23 AM (in response to dwiardiirawan)

          WildFly does NOT do that.

           

          when you deploy your application it is packed in myapp.war/WEB-INF/web.xml and whole WEB-INF is protected.

           

          maybe you are using exploded deployment and apache/nginx in front that is serving directly from this folder?

            • Actions