On 06.09.2017 00:16, Alejandro Vargas M. wrote:
Good afternoon,

I have a website on a client, and they ran a vulnerability test, and it throws a
vulnerability that any user can see web.xml from a web browser,

how can I hide to see web.xml or any other file from the browser?

1) if web.xml is inside the webapp/WEB-INF/ subdirectory, then tomcat will *never* allow a browser to see it. 2) if this tomcat is (logically) behind a front-end webserver, then make sure that it is not this front-end webserver which allows the client browser to see this file



Alejandro Vargas Mayorga
/*Gerente Desarrollo C.A. & C.*/
*Tel. 506- 7232-3366*
**www.kymsolutions.com* <http://www.kymsolutions.com/>*
Visite nuestra aula virtual! *

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to