Lloyd Chambers wrote:
> There are potential security issues with just turning on directory
> listings. I don't think it's a spec thing, but I do think it's wise to
> not offer directory listings by default.
I agree with this one. Directory listings should be off by default.
Also you can specify in the web.xml which files should be served in
which order using the welcome-file-list element and its nested
welcome-file elements.
Unless you specify this element the default of default-web.xml is
relevant. Thus the 404 should be pretty obvious to the developer. And
most end-users of any site would not know about the meaning of the files
in the directory listing anyway.
And finally you get the desired log information by using access logging
and grepping for 404 entries. Well since this of course are not only
directories it is not the same, but an analysis should be pretty
straightforward.
--
Wolfram Rittmeyer