The rule is that anything you need to access by a URL cannot be placed in WEB-INF, because WEB-INF and its contents are invisible as URL resources. So you can place Facelets include files under WEB-INF, since they're accessed as resources, but the top-level page resources have to be external to WEB-INF, since you use URLs to select them for JSF processing.
There are several ways to make the raw resources off-limits. If you are using standard J2EE container security, just write a security rule in WEB-INF/web.xml to block access to "*.xhtml". That will give a 403 FORBIDDEN. If you prefer a 404 NOT FOUND, you can write a small servlet, map it to "*.xhtml" and have it return a 404 response code for anything sent to it.
A servlet filter can also do the job. The main disadvantage to the filter approach is that if you make a mistake, it can have an impact on other URL requests as well as URLs ending in ".xhtml".