Bug 470175 - RFE: Directory Listing Enabled
Status: CLOSED ERRATA
Product: Dogtag Certificate System
Classification: Community
Component: Tomcat
1.0
All Linux
Priority: high, Severity: low
Assigned To: Matthew Harmsen
Chandrasekar Kannan
Blocks: 443788
Reported: 2008-11-06 00:59 EST by Kashyap Chamarthy
Modified: 2015-01-04 18:34 EST
Doc Type: Bug Fix
Last Closed: 2009-07-22 19:30:13 EDT

Attachments:
By default, disable directory listing on Tomcat PKI subsystems (1.84 KB, patch)
2009-03-26 13:46 EDT, Matthew Harmsen
By default, disable directory listing on Tomcat PKI subsystems (spec files) (3.64 KB, patch)
2009-03-26 13:47 EDT, Matthew Harmsen
Description Kashyap Chamarthy 2008-11-06 00:59:25 EST
Description of problem:

It was possible to list and access directories and their contents of the PKI subsystems via the web browser. It is recommended to disable directory listing.


How reproducible:
always

Steps to Reproduce:
1. After ensuring the CA service is running, invoke the URL https://localhost:9443/ca
  
Actual results:
Directories are listed.

Expected results:
Directory listing should be disabled.
Comment 1 Matthew Harmsen 2009-03-26 13:20:59 EDT
The following two links are provided for reference:

Tomcat [CA, DRM, OCSP, TKS]:
http://thedaneshproject.com/posts/how-to-disable-directory-listing-in-tomcat/

Apache [RA, TPS]:
http://felipecruz.com/blog_disable-directory-listing-browsing-apache.php


The Tomcat logic will be applied to the appropriate files in the CA, DRM, OCSP, and TKS; it does not look like the Apache logic needs to be applied to the RA or TPS.
Comment 2 Matthew Harmsen 2009-03-26 13:43:02 EDT
Tomcat:

% find . -name web.xml | xargs grep -c listing | grep -v :0
./ca/shared/conf/web.xml:5
./tks/shared/conf/web.xml:5
./ocsp/shared/conf/web.xml:5
./kra/shared/conf/web.xml:5



Apache:

% find . -name httpd.conf
./ra/apache/conf/httpd.conf
./tps/apache/conf/httpd.conf
Comment 3 Matthew Harmsen 2009-03-26 13:46:43 EDT
Created attachment 336853
By default, disable directory listing on Tomcat PKI subsystems
Comment 4 Matthew Harmsen 2009-03-26 13:47:12 EDT
Created attachment 336854
By default, disable directory listing on Tomcat PKI subsystems (spec files)
Comment 5 Andrew Wnuk 2009-03-26 13:50:07 EDT
attachment (id=336853)
attachment (id=336854)
+ awnuk
Comment 6 Matthew Harmsen 2009-03-26 13:57:21 EDT
% svn stat
M      dogtag/ca/pki-ca.spec
M      dogtag/tks/pki-tks.spec
M      dogtag/ocsp/pki-ocsp.spec
M      dogtag/kra/pki-kra.spec
M      base/ca/shared/conf/web.xml
M      base/tks/shared/conf/web.xml
M      base/ocsp/shared/conf/web.xml
M      base/kra/shared/conf/web.xml

% svn commit
Sending        base/ca/shared/conf/web.xml
Sending        base/kra/shared/conf/web.xml
Sending        base/ocsp/shared/conf/web.xml
Sending        base/tks/shared/conf/web.xml
Sending        dogtag/ca/pki-ca.spec
Sending        dogtag/kra/pki-kra.spec
Sending        dogtag/ocsp/pki-ocsp.spec
Sending        dogtag/tks/pki-tks.spec
Transmitting file data ........
Committed revision 333.
Comment 7 Kashyap Chamarthy 2009-05-31 10:28:20 EDT
Verified. (build: Tue 19 May09) Directory Listing is not possible on both Apache and Tomcat PKI subsystems.
