A concern has been raised about the fact that one can see the basic SLES (probably Tomcat) web server page on the webaccess server, if you remove the gw/webacc part of the URL.
Since this page displays the version of SLES, etc. someone in my company believes this to be a security issue.
I'm in the middle of redesigning the entire GW and File Server Infrastructure, and I don't believe that this is much of a priority, I want to be sure something I think of as minor is not a major issue.
So, on the off chance that this IS a major security hole that I am not aware of, I am asking you all if this is an issue.
I've often wondered about Best Practices around obscuring the (to me) needlessly long www.example.com/gw/webacc 's lower folder structure and I didn't find good answers to this when I did my initial look upon arriving at this company. Neither did any of the previous admins.
So, is there a way to address this? Is this something to be concerned about? Does anyone else have this issue?