Change the listings parameter value in the %CATALINA_HOME%/conf/web.xml to false. IE: <servlet> . . . <init-param> <param-name>listings</param-name> <param-value>false</param-value> </init-param> </servlet>
This should turn off the file listings so that users should not be able to navigate. Robert S. Harper Information Access Technology, Inc. -----Original Message----- From: Scott Purcell [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 31, 2005 9:24 AM To: tomcat-user@jakarta.apache.org Subject: Users Can See root files Hello, I was showing someone my website the other day, and when they started playing with the URL, they could see the jsp files, html files, and files under the WEB-INF directory. Is created a <welcome-file-list> in the web.xml, but I guess if someone plays with the url and tries to get a look at the files that does not help. How does one shut down all access to anything from a url Thanks Scott --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]