On 06.09.2017 00:16, Alejandro Vargas M. wrote:
Good afternoon,
I have a website on a client, and they ran a vulnerability test, and it throws a
vulnerability that any user can see web.xml from a web browser,
how can I hide to see web.xml or any other file from the browser?
1) if web.xml is inside the webapp/WEB-INF/ subdirectory, then tomcat will *never* allow a
browser to see it.
2) if this tomcat is (logically) behind a front-end webserver, then make sure that it is
not this front-end webserver which allows the client browser to see this file
Thanks.
--
Alejandro Vargas Mayorga
/*Gerente Desarrollo C.A. & C.*/
*Tel. 506- 7232-3366*
*Email:**alejandro.var...@kymsolutions.com*
<mailto:%20alejandro.var...@kymsolutions.com>*
**www.kymsolutions.com* <http://www.kymsolutions.com/>*
Visite nuestra aula virtual! *
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
