2025-12-04 update to web vulnerability

pom.xml

@@ -104,6 +104,11 @@
 			<artifactId>commons-dbcp2</artifactId>
 			<version>2.1.1</version>
 		</dependency>
+		<dependency>
+			<groupId>org.apache.commons</groupId>
+			<artifactId>commons-text</artifactId>
+			<version>1.9</version>
+		</dependency>
         <dependency>
 		    <groupId>org.egovframe.rte</groupId>
 		    <artifactId>org.egovframe.rte.psl.dataaccess</artifactId>

src/main/java/egovframework/com/its/web/server/config/CorsFilter.java

@@ -1,6 +1,7 @@
 package egovframework.com.its.web.server.config;
 
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Component;
 
 import javax.servlet.*;
 import javax.servlet.http.HttpServletRequest;
@@ -8,6 +9,7 @@ import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 
 @Slf4j
+@Component
 public class CorsFilter implements Filter {
     @Override
     public void init(FilterConfig filterConfig) throws ServletException {
@@ -20,12 +22,14 @@ public class CorsFilter implements Filter {
         HttpServletRequest req = (HttpServletRequest) request;
         res.setHeader("Cache-Control", "no-store");
         res.setHeader("Pragma", "no-cache");
+        res.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
         if (request.getProtocol().equals("HTTP/1.1")) res.setHeader("Cache-Control", "no-cache");
         res.setHeader("Content-Security-Policy",
-                "default-src 'self' 'unsafe-inline' ws://its1.pyeongtaek.go.kr wss://its1.pyeongtaek.go.kr https://dapi.kakao.com http://*.daumcdn.net https://*.daumcdn.net; "+
-                "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://dapi.kakao.com http://*.daumcdn.net https://*.daumcdn.net; " +
-                "style-src 'self' 'unsafe-inline' https://dapi.kakao.com http://*.daumcdn.net https://*.daumcdn.net; "+
-                "img-src 'self' data: https: 'unsafe-inline' https://dapi.kakao.com http://*.daumcdn.net https://*.daumcdn.net;");
+                "default-src 'self' ws://its1.pyeongtaek.go.kr wss://its1.pyeongtaek.go.kr https://dapi.kakao.com http://*.daumcdn.net https://*.daumcdn.net; "+
+                "script-src 'self' 'unsafe-inline' https://code.jquery.com/ui/1.12.1/jquery-ui.js https://code.jquery.com/jquery-3.2.1.min.js https://dapi.kakao.com http://*.daumcdn.net https://*.daumcdn.net; " +
+                "style-src 'self' 'unsafe-inline' https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css https://dapi.kakao.com http://*.daumcdn.net https://*.daumcdn.net; "+
+                "img-src 'self' data: https: https://dapi.kakao.com http://*.daumcdn.net https://*.daumcdn.net; " +
+                "object-src 'none'; base-uri 'self'; form-action 'self';");
         res.setHeader("X-Content-Type-Options", "nosniff");
         res.setHeader("X-Frame-Options", "SAMEORIGIN");
         res.setHeader("X-Xss-Protection", "1; mode=block");
@@ -33,7 +37,48 @@ public class CorsFilter implements Filter {
         res.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload");
 
         req.setCharacterEncoding("UTF-8");
+        String uri = req.getRequestURI();
+        String method = req.getMethod().toUpperCase();
+
+        if (uri.contains(".well-known") || uri.contains("com.chrome.devtools.json")) {
+            res.setStatus(HttpServletResponse.SC_OK);
+            res.setContentType("application/json");
+            res.setCharacterEncoding("UTF-8");
+            res.getWriter().write("{\"status\": \"ok\", \"message\": \"Chrome DevTools auto request ignored\"}");
+            return;
+        }
+
+        // 1) 위험한 HTTP 메소드 차단
+        if ("PUT".equals(method) || "DELETE".equals(method) ||
+                "OPTIONS".equals(method) || "TRACE".equals(method)) {
+            res.sendError(404);
+            return;
+        }
+
+        // 2) Axis2 AdminService 차단
+        if (uri.contains("axis2")) {
+            res.sendError(404);
+            return;
+        }
+
+        // 3) Dreamweaver _mmServerScripts 폴더 차단
+        if (uri.contains("_mmServerScripts")) {
+            res.sendError(404);
+            return;
+        }
+
+        if (uri.contains("Connections")) {
+            res.sendError(404);
+            return;
+        }
+
+        if (uri.contains("etc")) {
+            res.sendError(404);
+            return;
+        }
+
         chain.doFilter(request, response);
+
     }
 
     @Override

src/main/java/egovframework/com/its/web/server/config/HTMLCharacterEscapes.java

@@ -0,0 +1,40 @@
+package egovframework.com.its.web.server.config;
+
+import com.fasterxml.jackson.core.SerializableString;
+import com.fasterxml.jackson.core.io.CharacterEscapes;
+import com.fasterxml.jackson.core.io.SerializedString;
+import org.apache.commons.text.StringEscapeUtils;
+
+public class HTMLCharacterEscapes extends CharacterEscapes {
+    private static final long serialVersionUID = 1L;
+    private final int[] asciiEscapes;
+
+    public HTMLCharacterEscapes() {
+        //XSS 방지 처리할 특수 문자 지정
+        asciiEscapes = CharacterEscapes.standardAsciiEscapesForJSON();
+        asciiEscapes['<'] = CharacterEscapes.ESCAPE_CUSTOM;
+        asciiEscapes['>'] = CharacterEscapes.ESCAPE_CUSTOM;
+        asciiEscapes['&'] = CharacterEscapes.ESCAPE_CUSTOM;
+        asciiEscapes['\"'] = CharacterEscapes.ESCAPE_CUSTOM;
+        asciiEscapes['('] = CharacterEscapes.ESCAPE_CUSTOM;
+        asciiEscapes[')'] = CharacterEscapes.ESCAPE_CUSTOM;
+        asciiEscapes['#'] = CharacterEscapes.ESCAPE_CUSTOM;
+        asciiEscapes['\''] = CharacterEscapes.ESCAPE_CUSTOM;
+
+    }
+
+    @Override
+    public int[] getEscapeCodesForAscii() {
+        int[] cloneAsciiEscapes = new int[asciiEscapes.length];
+        for (int ii = 0; ii < cloneAsciiEscapes.length; ii++) {
+            cloneAsciiEscapes[ii] = this.asciiEscapes[ii];
+        }
+        return cloneAsciiEscapes;
+    }
+
+    @Override
+    public SerializableString getEscapeSequence(int ch) {
+        //Escape 처리
+        return new SerializedString(StringEscapeUtils.escapeHtml4(Character.toString((char) ch)));
+    }
+}

src/main/java/egovframework/com/its/web/server/config/WebMvcConfigure.java

@@ -21,9 +21,12 @@ public class WebMvcConfigure implements WebMvcConfigurer {
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
         registry.addInterceptor(adminInterceptor).addPathPatterns("/ptatms/index.do");
-        registry.addInterceptor(logAdapterInterceptor).addPathPatterns("/main/main.do", "/intro/*", "/traffic/*",
-                "/statistics/info.do", "/statistics/ixrTrafficStats.do", "/statistics/connStat.do", "/archive/archiveList.do",
-                "/notice/noticeList.do", "/parking/parking.do", "/relate/relateSite.do");
+        registry.addInterceptor(logAdapterInterceptor).addPathPatterns("/main/main.do",
+                "/intro/location.do", "/intro/service.do", "/intro/center.do",
+                "/traffic/cctv.do", "/traffic/popupCctv.do", "/traffic/popupCctvM.do",
+                "/traffic/vms.do", "/traffic/incd.do", "/traffic/realtime.do",
+                "/statistics/info.do", "/statistics/ixrTrafficStats.do", "/statistics/connStat.do",
+                "/archive/archiveList.do", "/notice/noticeList.do", "/relate/relateSite.do");
         registry.addInterceptor(loginAdapterInterceptor).addPathPatterns("/ptatms/**/*").excludePathPatterns("/ptatms/index.do", "/ptatms/login.do");
     }
 }

src/main/java/egovframework/com/its/web/server/config/XssConfig.java

@@ -0,0 +1,20 @@
+package egovframework.com.its.web.server.config;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
+
+@Configuration
+@RequiredArgsConstructor
+public class XssConfig {
+    private final ObjectMapper objectMapper;
+
+    @Bean
+    public MappingJackson2HttpMessageConverter jacksonEscapeConverter() {
+        ObjectMapper copy = objectMapper.copy();
+        copy.getFactory().setCharacterEscapes(new HTMLCharacterEscapes());
+        return new MappingJackson2HttpMessageConverter(copy);
+    }
+}

src/main/java/egovframework/com/its/web/server/config/XxeConfig.java

@@ -2,6 +2,7 @@ package egovframework.com.its.web.server.config;
 
 import lombok.extern.slf4j.Slf4j;
 import org.dom4j.io.SAXReader;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.xml.sax.SAXException;
 import org.xml.sax.SAXNotRecognizedException;
@@ -22,23 +23,16 @@ import javax.xml.validation.SchemaFactory;
 public class XxeConfig {
 
     private void documentBuilderFactory() {
-        log.info("XxeConfig.documentBuilderFactory.");
+//        log.info("XxeConfig.documentBuilderFactory.");
+
         DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-        //DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance("com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl", null);
 
         try {
-            // to be compliant, completely disable DOCTYPE declaration:
             factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
-            // or completely disable external entities declarations:
             factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
             factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
-            // or prohibit the use of all protocols by external entities:
-            //factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
-            //factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
-            // or disable entity expansion but keep in mind that this doesn't prevent fetching external entities
-            // and this solution is not correct for OpenJDK < 13 due to a bug: https://bugs.openjdk.java.net/browse/JDK-8206132
+            factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
             factory.setExpandEntityReferences(false);
-            // and these as well, per Timothy Morgan's 2014 paper: "XML Schema, DTD, and Entity Attacks"
             factory.setXIncludeAware(false);
         } catch (ParserConfigurationException e) {
             log.error("XxeConfig.documentBuilderFactory: ParserConfigurationException.");
@@ -46,7 +40,7 @@ public class XxeConfig {
     }
 
     private void saxParserFactory() {
-        log.info("XxeConfig.saxParserFactory.");
+//        log.info("XxeConfig.saxParserFactory.");
         SAXParserFactory factory = SAXParserFactory.newInstance();
         try {
             // to be compliant, completely disable DOCTYPE declaration:
@@ -54,6 +48,7 @@ public class XxeConfig {
             // or completely disable external entities declarations:
             factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
             factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+            factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
             // or prohibit the use of all protocols by external entities:
             SAXParser parser = null; // Noncompliant
             parser = factory.newSAXParser();
@@ -71,7 +66,7 @@ public class XxeConfig {
     }
 
     private void xmlInputFactory() {
-        log.info("XxeConfig.xmlInputFactory.");
+//        log.info("XxeConfig.xmlInputFactory.");
         XMLInputFactory factory = XMLInputFactory.newInstance();
         // to be compliant, completely disable DOCTYPE declaration:
         factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
@@ -84,7 +79,7 @@ public class XxeConfig {
     }
 
     private void transformerFactory() {
-        log.info("XxeConfig.transformerFactory.");
+//        log.info("XxeConfig.transformerFactory.");
         TransformerFactory factory = TransformerFactory.newInstance();
         // to be compliant, prohibit the use of all protocols by external entities:
         //factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
@@ -92,7 +87,7 @@ public class XxeConfig {
     }
 
     private void schemaFactory() {
-        log.info("XxeConfig.schemaFactory.");
+//        log.info("XxeConfig.schemaFactory.");
         SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
         // to be compliant, completely disable DOCTYPE declaration:
         try {
@@ -108,7 +103,7 @@ public class XxeConfig {
     }
 
     private void saxReader() {
-        log.info("XxeConfig.saxReader.");
+//        log.info("XxeConfig.saxReader.");
         SAXReader xmlReader = new SAXReader();
         try {
             xmlReader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
@@ -167,7 +162,7 @@ public class XxeConfig {
         System.setProperty("javax.xml.parsers.DocumentBuilderFactory", "com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl");
 
         documentBuilderFactory();
-        //saxParserFactory();
+        saxParserFactory();
         xmlInputFactory();
         transformerFactory();
         //schemaFactory();

src/main/java/egovframework/com/its/web/server/controller/AchiveController.java

@@ -5,6 +5,7 @@ import egovframework.com.its.web.server.util.PageCriteria;
 import egovframework.com.its.web.server.vo.NoticeVO;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.math.NumberUtils;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -34,7 +35,7 @@ public class AchiveController {
     public String archiveListPage(Model model, @PathVariable(required = false) String page) {
         HashMap <String, String> paramMap = new HashMap<>();
         paramMap.put("boardId", "2");
-        if (page != null) {
+        if (NumberUtils.isParsable(page)) {
             paramMap.put("page", page);
         }
         Map<String, Object> resultMap = noticeService.selectBoardList(paramMap, this.criteria);

src/main/java/egovframework/com/its/web/server/controller/NoticeController.java

@@ -57,7 +57,7 @@ public class NoticeController {
         return "notice/noticeView.tiles";
     }
 
-    @RequestMapping(value = "/notice/getFile.do", method = RequestMethod.GET, produces = "application/json; charset=UTF8")
+    @RequestMapping(value = "/notice/getFile.do", method = RequestMethod.POST, produces = "application/json; charset=UTF8")
     @ResponseBody
     public ResultVO getFile(HttpServletRequest request, HttpServletResponse response, @RequestParam Map<String, Object> paramMap, @Value("${attach_path}") String attachFilePath) {
         return this.noticeService.attatchedFileDownload(paramMap, attachFilePath);

src/main/java/egovframework/com/its/web/server/interceptors/LogAdapterInterceptor.java

@@ -36,6 +36,7 @@ public class LogAdapterInterceptor implements HandlerInterceptor {
         boolean isStatistics = true;
         Map<String, Object> paramMap = new HashMap<>();
         String requestUri = request.getRequestURI();
+
         String requestAction = requestUri.substring(requestUri.lastIndexOf("/") + 1);
         if (requestAction.contains(";")) {
             requestAction = requestAction.substring(0, requestAction.indexOf(";"));

src/main/java/egovframework/com/its/web/server/util/CommonPath.java

@@ -11,8 +11,6 @@ public class CommonPath {
     private String uploadPath;
 
     public CommonPath(@Value("${attatch_path}") String filePath, @Value("${upload_path}") String uploadPath) {
-        log.info(filePath);
-        log.info(uploadPath);
         this.filePath = filePath;
         this.uploadPath = uploadPath;
     }

src/main/resources/application.yml

@@ -16,12 +16,12 @@ server:
 #    key-store: C:\OpenSSL\bin\keystore
 #    key-store-type: PKCS12
 #    key-store-password: 1234
-  error:
-    whitelabel:
-      enabled: false
-    include-exception: false
-    include-stacktrace: never
-    path: /error
+#  error:
+#    whitelabel:
+#      enabled: false
+#    include-exception: false
+#    include-stacktrace: never
+#    path: /error
 #    static-locations: file:src/main/resources/static/
 
   #tomcat:
@@ -116,18 +116,6 @@ server:
   port: 443
 
 ---
-#spring:
-#  config:
-#    activate:
-#      on-profile: prod
-#  datasource:
-#    driver-class-name: oracle.jdbc.driver.OracleDriver
-#    url: jdbc:oracle:thin:@115.91.94.42:1522:HANTE19C
-#    username: ptatms
-#    password: ptatms
-#apiKey: d63cb13f040afc64412390c1c84288a6
-#attach_path: D:/PTATMS/its-web-server/web-data/attatchFile
-#upload_path: D:/PTATMS/its-web-server/web-data/upload
 
 spring:
   config:

src/main/webapp/WEB-INF/jsp/egovframework/archive/list.jsp

@@ -117,7 +117,6 @@
                 searchText: searchText,
             },
             success: (res) => {
-                console.log(res);
                 const {noticeList, pageMaker} = res;
                 $boardList.empty();
                 $paging.empty();
@@ -126,23 +125,23 @@
                     for (let item of noticeList) {
                         str +=
                             `<dl>
-                                <a href="/archive/listView/\${item.boardNo}.do" title="\${item.bSubject}">`;
+                                <a href="/archive/listView/\${item.boardno}.do" title="\${item.bsubject}">`;
                         if (item.bNotice === 'Y') {
                             str += `<dd class="board-noti"><span class='blue'>공지</span></dd>`;
                         } else {
                             str += `<dd class="board-noti"><span></span></dd>`;
                         }
 
-                        str += `<dd class="board-no">\${item.boardNo }</dd>
-                                    <dd class="board-title">\${item.bSubject }</dd>
+                        str += `<dd class="board-no">\${item.boardno }</dd>
+                                    <dd class="board-title">\${item.bsubject }</dd>
                                     <dd class="board-writer">`;
 
-                        if (item.attachFile != '||') {
+                        if (item.attachfile != '||') {
                             str += `<img src="/images/icon_file.png" alt="첨부파일" />`;
                         }
                         str += `</dd>
-                                    <dd class="board-day">\${item.regDate}</dd>
-                                    <dd class="board-count">\${item.readCount }</dd>
+                                    <dd class="board-day">\${item.regdate}</dd>
+                                    <dd class="board-count">\${item.readcount }</dd>
                                 </a>
                             </dl>`;
                     }

src/main/webapp/WEB-INF/jsp/egovframework/main/popup.jsp

@@ -5,7 +5,7 @@
 <html lang="ko">
 <head>
     <meta charset="UTF-8">
-    <meta http-equiv="Content-Type" content= "text/html; charset= utf-8">
+    <meta http-equiv="Content-Type" content= "text/html; charset=UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta http-equiv="Content-Script-Type" content="text/javascript">
     <meta http-equiv="Content-Style-Type" content="text/css">

src/main/webapp/WEB-INF/jsp/egovframework/notice/noticeList.jsp

@@ -125,18 +125,15 @@
                 searchText : searchText,
             },
             success: (res)=>{
-                console.log(res);
                 const {noticeList, pageMaker} = res;
                 $boardList.empty();
                 $paging.empty();
                 if (noticeList && noticeList.length) {
                     let str = '';
                     for (let item of noticeList) {
-                        console.log(item);
-                        console.log(item.boardNo);
                         str +=
                             `<dl>
-                                <a href="/notice/noticeView/\${item.boardNo}.do" title="\${item.bSubject}">`;
+                                <a href="/notice/noticeView/\${item.boardno}.do" title="\${item.bsubject}">`;
                         if (item.bNotice === 'Y') {
                             str += `<dd class="board-noti"><span class='blue'>공지</span></dd>`;
                         }
@@ -144,16 +141,16 @@
                             str += `<dd class="board-noti"><span></span></dd>`;
                         }
 
-                        str += `<dd class="board-no">\${item.boardNo }</dd>
-                                    <dd class="board-title">\${item.bSubject }</dd>
+                        str += `<dd class="board-no">\${item.boardno }</dd>
+                                    <dd class="board-title">\${item.bsubject }</dd>
                                     <dd class="board-writer">`;
 
                         if (item.attachFile != '||') {
                             str += `<img src="/images/icon_file.png" alt="첨부파일" />`;
                         }
                         str +=`</dd>
-                                    <dd class="board-day">\${item.regDate}</dd>
-                                    <dd class="board-count">\${item.readCount }</dd>
+                                    <dd class="board-day">\${item.regdate}</dd>
+                                    <dd class="board-count">\${item.readcount }</dd>
                                 </a>
                             </dl>`;
                     }
@@ -181,6 +178,7 @@
                 }
             },
             error: (error)=>{
+                console.log(error);
                 alert(error.message);
             }
         });

src/main/webapp/WEB-INF/jsp/egovframework/tiles/empty.jsp

@@ -11,9 +11,8 @@
     <link rel="stylesheet" href="https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css">
     <link rel="stylesheet" type="text/css" href="/common/css/Exsting_style.css" />
     <script type="text/javascript" src="/js/common.js?v=20250526"></script>
-    <script src="https://code.jquery.com/jquery-1.12.4.js"></script>
-    <script src="https://code.jquery.com/ui/1.12.1/jquery-ui.js"></script>
     <script src="https://code.jquery.com/jquery-3.2.1.min.js"></script>
+    <script src="https://code.jquery.com/ui/1.12.1/jquery-ui.js"></script>
 
 <%--    <link href="/common/bootstrap-5.1.3-dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous">--%>
 <%--    <link rel="stylesheet" type="text/css" href="/common/css/reset.css" />--%>

src/main/webapp/WEB-INF/jsp/egovframework/tiles/template.jsp

@@ -6,7 +6,7 @@
 <html lang="ko">
 <head>
     <meta charset="UTF-8">
-    <meta http-equiv="Content-Type" content= "text/html; charset= utf-8">
+    <meta http-equiv="Content-Type" content= "text/html; charset=UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta http-equiv="Content-Script-Type" content="text/javascript">
     <meta http-equiv="Content-Style-Type" content="text/css">

src/main/webapp/WEB-INF/jsp/egovframework/traffic/cctvPopup.jsp

@@ -5,7 +5,7 @@
 <html lang="ko">
 <head>
     <meta charset="UTF-8">
-    <meta http-equiv="Content-Type" content= "text/html; charset= utf-8">
+    <meta http-equiv="Content-Type" content= "text/html; charset=UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta http-equiv="Content-Script-Type" content="text/javascript">
     <meta http-equiv="Content-Style-Type" content="text/css">

src/main/webapp/WEB-INF/jsp/egovframework/traffic/cctvPopupM.jsp

@@ -5,7 +5,7 @@
 <html lang="ko">
 <head>
     <meta charset="UTF-8">
-    <meta http-equiv="Content-Type" content= "text/html; charset= utf-8">
+    <meta http-equiv="Content-Type" content= "text/html; charset=UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta http-equiv="Content-Script-Type" content="text/javascript">
     <meta http-equiv="Content-Style-Type" content="text/css">

src/main/webapp/error.jsp

@@ -0,0 +1,22 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html lang="ko">
+<head>
+<link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>잘못된 접근입니다.</title>
+</head>
+<body>
+<div id="error">
+	<div id="errorBox">
+	<div style="margin:0 auto;text-align: center; padding-top: 20px;">
+	<img style="width:35%;" src="/images/topLogo.png" alt="잘못된 접근입니다.">
+	</div>
+	<p style="font-size:25px; text-align: center; padding-top: 30px;">잘못된 접근입니다.</p>
+		<div class="buttonWrap" style="text-align: center;">
+			<a href="/main/main.do" class="bt edit">메인</a>
+		</div>
+	</div>
+</div>
+</body>
+</html>

src/main/webapp/index.jsp

@@ -1,2 +1,2 @@
 <%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
-<jsp:forward page="/main/Main.do"/>
+<jsp:forward page="/main/main.do"/>

src/main/webapp/js/common.js

@@ -332,7 +332,6 @@ _CctvCtlrObj = function (obj) {
     kakao.maps.event.addListener(this.cctvMarker, 'click', ()=>cctvClickEvt(this));
 
     function cctvClickEvt(obj) {
-        console.log(obj);
         let cctvList = $('#cctvList');
         if (_cctvPopupObj && _popUp) {
             _cctvPopupObj.click = false;
@@ -346,9 +345,9 @@ _CctvCtlrObj = function (obj) {
             }
         }
 
-        if ($("#video").length > 0) {
-            videojs("video").dispose();
-        }
+        // if ($("#video").length > 0) {
+        //     videojs("video").dispose();
+        // }
         clearCctvInterval();
 
         if (cctvList.length > 0) {
@@ -2039,7 +2038,7 @@ function fileDownload(fileId, fileName, boardNo) {
             fileName : encodeURIComponent(fileName),
             boardNo : boardNo,
         },
-        method : "GET",
+        method : "POST",
         success : (req)=> {
             if (!req) {
                 alert("파일 다운로드 중 오류가 발생하였습니다.");