DWR publishes some index of classes under [context root]/dwr/. The index contains links to more details about the services. This seems like information leakage to me and I would like to hide/unpublish these pages so they are not accessible.
How can I configure DWR to hide this class index?
Found a great pentesting blog that talks about it here: http://gerionsecurity.com/2012/09/experiences-in-pentesting-dwr/
Essentially you disable debugging in web.xml when you configure the servlet.
<servlet>
  <servlet-name>dwr-invoker</servlet-name>
  <servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>
  <init-param>
    <param-name>debug</param-name>
    <param-value>false</param-value>
  </init-param>
</servlet>