If the Apache configuration/apache Tomcat configuration file is not handled well, it will bring considerable hidden trouble to the site, directory Traversal vulnerability, will expose all the site's directories to the visitors, experienced developers or hacker from these directories to know the current site information, such as development language, Server system, site structure, and even some sensitive information.
How Apache guards against directory traversal vulnerabilities.
This Apache tutorial is as follows
Edit httpd.conf
Find
1 |
Options Indexes FollowSymLinks |
”
Remove the indexes, and change to "
To
How Apache Tomcat guards against directory traversal vulnerabilities.
1, edit the httpd.conf of Apache
Find
1 |
Options Indexes MultiViews |
"In the indexs removed, changed to"
To
2, edit Tomcat's Conf/web.xml
Found it
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24-25 |
<servlet> <servlet-name>default< |