By default crowd root
(/) requests go a landing page that provides a link to setting up crowd, a few demo applications (which outlines using Crowd with OpenID etc.). I'd prefer not to have this landing page publicly accessible.
One way around this is to simply redirect all traffic NOT to the
/crowd/ context to the
/crowd/ context. So, any traffic to
/openidserver/ will get redirected to the proper crowd application login. You can do this using your preferred web server (Apache, nginx, ...).
I use Apache2 and outline it's use specifically for Atlassian web apps here. Below is part of my VirtualHost config for Crowd, with the redirect enabled
Lines 8-11 show the rewrite rule that is used to redirect traffic to the
Line 10 will also redirect the
about.jsp page back to the main login page. I prefer to keep everything locked down and not accessible publicly, including the about page with information about versions etc.