1 Reply Latest reply on Jun 22, 2003 1:34 PM by Jon Barnett

    Avoid Directory browsing ?

    hgarrett Newbie

      Hi everyone.
      I have a war application called ABC.war
      In this war file i have my JSP's, my image files and
      other resources my site needs.

      My Jboss-web XML doesn't have context-root tags
      and no virtual-host is defined either.

      In this way i can access my site by this url:
      http://localhost:8080/ABC/index.jsp

      Well.., my problem is - if i take out the index.jsp
      and any client place this url on the browser:

      http://localhost:8080/ABC/
      He can see all my website files there !!

      How can i avoid it? Does JBoss has some configuration
      that can avoid folder browsing..?

      Thanx anyway.. I'll wait some answer.
      (by the way this forum is great !)

        • 1. Re: Avoid Directory browsing ?
          Jon Barnett Master

          More of a Jetty question than a JBoss question. Look at server/default/deploy/jbossweb-jetty.sar/webdefault.xml.

          Look for the attribute set:
          <init-param>
          <param-name>dirAllowed</param-name>
          <param-value>true</param-value>
          </init-param>

          Set it to false and you should be away once you restart JBoss/Jetty. There are also comments in the file about different settings for your servlet container.