Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

disabling directory browsing  RSS feed

 
Carl Schwarcz
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I seen several recommendation to increase web application security by disabling directory browsing and found vendor specific ways of doing this in, for example, WebLogic and Tomcat.

I take it that there is no vendor-independent way of doing this?
 
Paulo Aquino
Ranch Hand
Posts: 202
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How do you do that in Tomcat?
 
Saulius Sinkunas
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think that there isn't vendor-independent way to do it. Although I haven't noticed it in servlet spec. What you can do, you can put your protected files under WEB-INF. Or just put index.html into all directories, as almost all vendors uses this file as index/welcome file.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Paulo Aquino:
How do you do that in Tomcat?


Under TOMCAT_HOME/conf, there is a web.xml file.
In it there is an entry for the defaultServlet.

Set the "listings" parameter to false.

 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!