Red Hat Bugzilla – Bug 470175
RFE: Directory Listing Enabled
Last modified: 2015-01-04 18:34:42 EST
Description of problem:
It was possible to list and access directories and their contents of the PKI subsystems via the web browser. It is recommended to disable directory listing.
Steps to Reproduce:
1. After ensuring the CA service is running, invoke the URL https://localhost:9443/ca
Directories are listed.
Directory listing should be disabled.
The following two links are provided for reference:
Tomcat [CA, DRM, OCSP, TKS]:
Apache [RA, TPS]:
The Tomcat logic will be applied to the appropriate files in the CA, DRM, OCSP, and TKS; it does not look like the Apache logic needs to be applied to the RA or TPS.
% find . -name web.xml | xargs grep -c listing | grep -v :0
% find . -name httpd.conf
Created attachment 336853
By default, disable directory listing on Tomcat PKI subsystems
Created attachment 336854
By default, disable directory listing on Tomcat PKI subsystems (spec files)
% svn stat
% svn commit
Transmitting file data ........
Committed revision 333.
Verified. (build: Tue 19 May09) Directory Listing is not possible on both Apache and Tomcat PKI subsystems.