For fresh Tomcat installations, directory listing is enabled by default. This can be a very useful debugging tool, and if, like me, you sometimes forget what servlets are deployed in a certain web application, you can get a complete listing by simply keying in the web application's URL.
But for production deployments, you may want to turn it off. If nothing else, it discourages users from poking around where they should not. There are basically 2 methods of "turning off" this option :
1. Create an index.html file and place it in the web application's directory
2. Edit the global web.xml file to turn off the option.
The first option is fairly simple, so we shall only examine the second option.
Open the file web.xml which is located inside $CATALINA_HOME/conf/. This is the global web.xml file, which means that any changes here will affect ALL web applications deployed by that Tomcat instance. If you want more granular control, like turning it off for certain applications but not for others, you will need to go with the first option of creating index.html files.
Change param-value of listing to false and you turn off directory listing. It is that simple.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment