how to control the access rights of webadmin/images directory ?

[linxd]

you can browse the webadmin/js/；webadmin/images without login. it's an security risk. how to close the access right?

[rshirsagar555-lang]

You’re right, allowing public access to webadmin/images or webadmin/js can be a security risk. To control access, you can:

1. Use web server configuration (Apache/Nginx) to restrict access:

• For Apache, add an .htaccess file in the directory with:

css
Require all denied

• For Nginx, use:

nginx
location /webadmin/images/ {
deny all;
}

2. Protect with authentication if certain users need access.

3. Move sensitive files outside the web root if possible.

This will prevent unauthenticated browsing while keeping the application secure.

[pacmano1]

Mirth is using neither apache nor nginx. What question are you answering here? It's great that you're jumping in here to answer some questions, but it looks like you might be using AI (which is fine), but please verify your answers before posting. I suspect the original post is asking how to fix this within mirth itself. Which is likely a source code change.

[rshirsagar555-lang]

Thanks for clarifying, that makes sense. Since Mirth is running on Jetty and not Apache/Nginx, do you know if the only option here is a source code change, or is there a way to configure Jetty/Mirth itself to restrict static resource access (like /webadmin/images)?

I’m curious whether this has to be patched at the code level, or if there’s an existing configuration approach that can be used.