Tomcat 8.5 WEB-INF内容可访问URL
[英]Tomcat 8.5 WEB-INF content accessible URL
问题描述
I am having a security issue with tomcat 8.5 application WEB-INF contents. 
tomcat 8.5应用程序WEB-INF内容存在安全问题。 I am not suppose to able to access content of WEB-INF (ie web.xml)via url but I can seem to access. 我不希望能够通过url访问WEB-INF的内容(即web.xml),但似乎可以访问。 How do I restrict this access? 如何限制此访问权限? I thought it should be restricted out the box. 我认为应该将其限制在外。 I am using linux and the permission is rw for user and r for group. 我使用的是Linux,用户的权限为rw,组的权限为r。
Any suggestion is appreciated. 任何建议表示赞赏。
1 个解决方案
解决方案1
0 2017-04-06 03:37:26
Normally, files under /WEB-INF are not accessible directly from outside. 通常,/ WEB-INF下的文件不能直接从外部访问。 If the files can be accessible, your application has vulnerabilities, like path traversal. 如果文件可访问,则您的应用程序具有漏洞,如路径遍历。 A simple solution is, for example, to restrict the access to URLs including WEB-INF by Apache in front of Tomcat. 一个简单的解决方案是,例如,限制Apache在Tomcat前面对URL的访问,包括WEB-INF。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.