|
Due to a possible information disclosure issue, remove
access to the JBoss status page by following these steps for your
version of the application server.
(JBoss 5.1 only) Locate [JBoss root]/server/lc_turnkey/deploy/ROOT.war/WEB-INF,
and open the web.xml file in an editor.
(JBoss 4.2.1 only) Locate [JBoss root]/server/lc_turnkey/deploy/
jbossweb.deployer/ROOT.war/WEB-INF, and open the web.xml file in
an editor
Comment out the servlet and servlet-mapping tags
as follows:
<!-- <servlet>
<servlet-name>Status Servlet</servlet-name>
<servlet-class>org.jboss.web.tomcat.service.StatusServlet
</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Status Servlet</servlet-name>
<url-pattern>/status</url-pattern>
</servlet-mapping> -->
Save and close the file.
|
|
|
