
We currently have a Glassfish Server 4.0 hosting our webpage, with Apache 2.2 as our Digital Certificate Holder in Ubuntu Server. One of our clients did a vulnerability test and discovered that a font (specifically, the glyphicons-halflings-regular.ttf) could be downloaded by using the URL:

 http://<URL>/<War>/faces/resources/fonts/glyphicons-halflings-regular.ttf

Is there any way that we can avoid that download and instead redirect that link to an error page when people try to access any link of that type?

Thanks in advance

user8811

1 Answer

Well, the solution I found was this:

I opened the Glassfish Console, went to Configurations -> server-config -> virtual servers -> server, and then I clicked on the Add Property button. The name was: Redirect1. The code was:

from=/<war>/faces/resources/fonts/glyphicons-halflings-regular.ttf url-prefix=https://<URL>/<war>/

I did it with all of the Cluster and configuration instances of Glassfish Cluster.

After a Glassfish and Cluster restart everything was working fine.

Regards!

user8811
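Because the redirect property has to be set on every configuration in the cluster, a per-instance check after the restart shows whether any instance still serves the font. The following is an added example, not part of the original answer; the host names, ports and the `app` context root are constructed stand-ins for `<URL>` and `<war>`.

```python
import http.client

# "app" stands in for <war>; the prefix stands in for https://<URL>/<war>/ (assumptions).
FONT_PATH = "/app/faces/resources/fonts/glyphicons-halflings-regular.ttf"
EXPECTED_PREFIX = "https://www.example.test/app/"


def classify(status, location, expected_prefix=EXPECTED_PREFIX):
    """Judge one response to a request for the font path."""
    if status in (301, 302, 303, 307, 308):
        if location and location.startswith(expected_prefix):
            return "redirected"
        return "redirected-elsewhere"  # a redirect, but not to the configured prefix
    if status == 200:
        return "font-served"           # redirect property not active on this instance
    return "other"                     # e.g. 403/404/5xx: not served, not redirected


def probe(host, port, path=FONT_PATH, tls=False, timeout=5):
    """Request the path once (http.client never follows redirects)."""
    conn_cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
    conn = conn_cls(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def audit(instances, fetch=probe):
    """Map each (host, port) to a verdict; unreachable instances are reported."""
    results = {}
    for host, port in instances:
        try:
            status, location = fetch(host, port)
            results[(host, port)] = classify(status, location)
        except OSError as exc:
            results[(host, port)] = "unreachable: " + exc.__class__.__name__
    return results


if __name__ == "__main__":
    # Constructed responses for two hypothetical cluster instances (no network used).
    canned = {("node1.example.test", 28080): (302, EXPECTED_PREFIX),
              ("node2.example.test", 28080): (200, None)}
    for target, verdict in audit(canned, fetch=lambda h, p: canned[(h, p)]).items():
        print(target, verdict)
```

Calling `audit()` with a real list of `(host, port)` pairs and the default `fetch` sends one GET per instance; any verdict other than `redirected` points at an instance whose configuration was missed.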