Rule ID
SV-213523r960963_rule
Version
V2R6
CCIs
The Welcome to JBoss web page provides a redirect to the JBoss admin console, which, by default, runs on TCP 9990 as well as redirects to the Online User Guide and Online User Groups hosted at locations on the Internet. The welcome page is unnecessary and should be disabled or replaced with a valid web page.
Use a web browser and browse to HTTP://JBOSS SERVER IP ADDRESS:8080 If the JBoss Welcome page is displayed, this is a finding.
Use the Management CLI script JBOSS_HOME/bin/jboss-cli.sh to run the following command. You may need to change the profile to modify a different managed domain profile, or remove the "/profile=default" portion of the command for a standalone server.
"/profile=default/subsystem=web/virtual-server=default-host:writeattribute(name=enable-welcome-root,value=false)"
To configure your web application to use the root context (/) as its URL address, modify the applications jboss-web.xml, which is located in the applications META-INF/ or WEB-INF/ directory. Replace its <context-root> directive with one that looks like the following:
<jboss-web>
<context-root>/</context-root>
</jboss-web>