Disabling directory listings in Jetty
Wessel, Keith
kwessel at illinois.edu
Wed Dec 2 14:00:56 EST 2015
Is there a link missing from that reply, Scott? I don't see anything going with [1].
I did find a reference to this in a Stack Overflow thread, and the suggested addition to web.xml (to Jetty's default servlet) was:
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class>
    <init-param>
      <param-name>dirAllowed</param-name>
      <param-value>false</param-value>
    </init-param>
  </servlet>
Since there's no default servlet in the IDP's web.xml, I wasn't sure if this was to be added verbatim or something else.
Keith
-----Original Message-----
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: Wednesday, December 02, 2015 12:38 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: Disabling directory listings in Jetty
On 12/2/15, 12:59 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:
>
>I feel like I'm overlooking something obvious here, but Google is failing me on this one... probably because I'm giving it the wrong search.
>
>I'd like to disable Jetty's automatically generated directory listings for /idp/images and /idp/css. I know I could just put index.html pages in my war file in those directories, but I'd prefer the server return a 403. Is there a setting I can add to my jetty.xml to disable directory listings globally? Or something I can add to web.xml to at least disable them for the IDP?
Never tried, but [1] might be the answer. The actual javadoc for the DefaultHandler it's talking about doesn't actually fit this case (it doesn't return a 404 at all) but it might be worth trying. Unless there's a generic Java way.
You have to have somewhat modulated expectations for web server functionality (and performance) to use Jetty alone. The upside is simplicity, but there are certainly plenty of downsides.
-- Scott
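
One way to audit a web.xml for the dirAllowed setting discussed in this thread, as an added example that is not part of the original messages and is not Shibboleth or Jetty code. The function names and the sample document are constructed; the context-param name org.eclipse.jetty.servlet.Default.dirAllowed is Jetty's context-wide form of the same option and does not appear in the thread.

```python
import xml.etree.ElementTree as ET

DEFAULT_SERVLET = "org.eclipse.jetty.servlet.DefaultServlet"
CONTEXT_PARAM = "org.eclipse.jetty.servlet.Default.dirAllowed"

def _strip_ns(root):
    """Drop XML namespaces so the same paths match any web.xml schema version."""
    for el in root.iter():
        if isinstance(el.tag, str) and "}" in el.tag:
            el.tag = el.tag.split("}", 1)[1]
    return root

def _params(parent, tag):
    """Collect param-name/param-value pairs from init-param or context-param."""
    out = {}
    for p in parent.findall(tag):
        name = (p.findtext("param-name") or "").strip()
        out[name] = (p.findtext("param-value") or "").strip().lower()
    return out

def dir_listing_status(web_xml_text):
    """Return 'disabled', 'enabled' or 'unset' for Jetty directory listings."""
    root = _strip_ns(ET.fromstring(web_xml_text))
    values = []
    for servlet in root.findall("servlet"):
        if (servlet.findtext("servlet-class") or "").strip() == DEFAULT_SERVLET:
            values.append(_params(servlet, "init-param").get("dirAllowed"))
    # Context-wide form read by Jetty's DefaultServlet (not mentioned in the thread).
    values.append(_params(root, "context-param").get(CONTEXT_PARAM))
    values = [v for v in values if v is not None]
    if not values:
        return "unset"  # nothing in this file overrides the container default
    return "disabled" if all(v == "false" for v in values) else "enabled"

# Constructed sample: the snippet from the thread inside a minimal web.xml.
SAMPLE = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class>
    <init-param>
      <param-name>dirAllowed</param-name>
      <param-value>false</param-value>
    </init-param>
  </servlet>
</web-app>"""

if __name__ == "__main__":
    print(dir_listing_status(SAMPLE))
```

A result of "unset" means the file leaves the decision to the container's defaults, which is the situation described above for the IdP's web.xml.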