Great, this is the solution I was looking for. I had it fixed temporarily in our front Apache httpd server, with a
<Location ~ [wW][eE][bB]-[iI][nN][fF]>
AllowOverride None
Deny from all
</Location>
directive for every <VirtualHost> (we are using mod_proxy_ajp), but I much prefer getting it blocked at the servlet container level.
Thanks!
[Message sent by forum member 'fraxion' (fraxion)]
http://forums.java.net/jive/thread.jspa?messageID=232304