Hide Tomcat version in error messages #151

Closed
randomorder opened this issue Jul 12, 2024 · 3 comments

@randomorder
Member

On errors, Tomcat shows the server version by default at the bottom of the error report page, which is not ideal from a security standpoint. This information could be used to look for known exploits by attackers.

@randomorder randomorder self-assigned this Jul 12, 2024
@randomorder
Member Author

One way to disable the version number report is by changing the server.xml file:
https://docs.rocketsoftware.com/bundle/mobius_ig_123/page/sup1694713740938.html

```xml
<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false"/>
```

@randomorder randomorder assigned mo3rfan and unassigned randomorder Jul 16, 2024
@randomorder
Member Author

Check what we are doing for CORS: https://github.com/geosolutions-it/docker-geoserver/blob/master/entrypoint.sh. We could apply a similar replacement to the server.xml file.
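
An added example, not part of this thread or of the project's entrypoint.sh: one way a startup script could apply the Valve quoted above to server.xml so that repeated container starts do not duplicate it. The function name `harden_error_report` is hypothetical, and the code assumes `</Host>` sits on its own line, as in the stock Tomcat server.xml.

```shell
#!/bin/sh
# Added example (not the project's code): idempotently insert the
# ErrorReportValve from the issue into a Tomcat server.xml.
# Assumption: </Host> is on its own line, as in the stock server.xml.

VALVE='<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false"/>'

# harden_error_report is a hypothetical name; $1 is the path to server.xml.
harden_error_report() {
    server_xml="$1"
    [ -f "$server_xml" ] || { echo "missing: $server_xml" >&2; return 1; }

    # An ErrorReportValve is already declared: leave the file untouched so a
    # container restart is a no-op. Custom settings on it need manual review.
    if grep -qF 'org.apache.catalina.valves.ErrorReportValve' "$server_xml"; then
        return 0
    fi

    # Refuse to guess where the valve belongs if there is no Host element.
    grep -q '</Host>' "$server_xml" || {
        echo "no </Host> found in $server_xml" >&2
        return 2
    }

    tmp="$(mktemp)" || return 1
    # Print the valve just before each closing Host tag, then copy the result
    # back with cat so the original file keeps its owner and permissions.
    awk -v valve="$VALVE" '
        /<\/Host>/ { print "        " valve }
        { print }
    ' "$server_xml" > "$tmp" && cat "$tmp" > "$server_xml"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Typical call from a startup script:
#   harden_error_report "$CATALINA_HOME/conf/server.xml"
```

After a restart, requesting a non-existent path and checking that the error body no longer carries the version string confirms the valve is active.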

@randomorder
Member Author

thanks
