Disable access to jsp files on apache server

I'm sorry if I ask a question that's been asked before, but I could not find my answer on the website after a few hours of research. My problem is that I'm using tomcat on my server, and everything works fine, except that I can access all the jsp and jspf pages on the website by directly typing the path to the file in the url, but this is a very bad security. I would like to only be able to type in the address of the website, if any subdirectory is called then should redirect to the base url.

I tried to do this with a RedirectRule, but could never get it to work (will always allow access).

I also tried with but it still didn't work.

Thanks in advance for your answ开发者_如何学Pythoners

Put them in /WEB-INF folder. Then they're only accessible by RequestDispatcher in a controlling servlet or by <jsp:include>.