티스토리 뷰

반응형

http://ApacheIP:80/web-inf/web.xml 파일 안보이기


1) 웹 서버 혹은 웹 어플리케이션 서버에서 디렉토리 인덱싱 기능을 비활성화 시킨다.

        [tomcat의 예제]

        <!--web.xml-->
           <init-param>
                <param-name>listings</param-name>
                <param-value>false</param-value>
           </init-param>

        [apache의 예제]

        <!--httpd.conf-->

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive Off

#2009.12.08 Namha
Options IncludesNoExec FollowSymLinks
#Options FollowSymLinks MultiViews
# The Options directive is both complicated and important.  Please see
# http://httpd.apache.org/docs/2.0/mod/core.html#options
# for more information.
#
#    Options FollowSymLinks

Alias /icons/ "D:/Amail/app/Apache2/icons/"

<Directory "D:/Amail/app/Apache2/icons">
    Options MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

<Directory "D:/Amail/ems52/market/ems/WEB-INF">
    Options MultiViews
    AllowOverride None
    Order allow,deny
    Deny from all
    Allow from 88.10.1
</Directory>

<Directory "D:/Amail/app/Apache2/manual">
#2009.12.08 Namha
#   Options Indexes
    AllowOverride None
    Order allow,deny
    Allow from all

    <Files *.html>
        SetHandler type-map
    </Files>

    SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|ru)/ prefer-language=$1
    RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|ru)){2,}(/.*)?$ /manual/$1$2
</Directory>

#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
AddHandler cgi-script .cgi

<Directory "/usr/local/apache/htdocs"> 
#
#
# This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#

수전전    Options Indexes FollowSymLinks MultiViews
수정후    Options FollowSymLinks MultiViews

#
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"

</Directory>

     2) 웹 소스가 위치한 웹 디렉토리에서 임시/백업 파일 및 설치 파일의 존재여부를 조사하여 이를 삭제한다.

     3) 웹 서버나 웹 어플리케이션 서버 설치시 자동 생성되는 파일 중 외부에 정보를 노출 할 수 있는 메뉴얼 파일, 샘플등을 조사하여 이를 삭제한다.

반응형
반응형
공지사항
최근에 올라온 글
최근에 달린 댓글
Total
Today
Yesterday
«   2024/12   »
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31
글 보관함