atom feed25 messages in org.apache.tomcat.usersRe: securing tomcat...
FromSent OnAttachments
Julian LöffelhardtDec 30, 2002 11:36 am 
Wagoner, MarkDec 30, 2002 11:48 am 
Jerome "Lacoste (Frisurf)"Dec 30, 2002 11:51 am 
Julian LöffelhardtDec 30, 2002 12:29 pm 
Julian LöffelhardtDec 30, 2002 12:29 pm 
Paul YunusovDec 30, 2002 12:30 pm 
Justin L. SpiesDec 30, 2002 12:34 pm 
Remy MaucheratDec 30, 2002 12:39 pm 
Craig R. McClanahanDec 30, 2002 12:43 pm 
mechDec 30, 2002 12:50 pm 
Torsten FohrerDec 30, 2002 2:38 pm 
Dan PayneDec 30, 2002 2:42 pm 
Peiqiang HanDec 30, 2002 3:04 pm 
Julian LöffelhardtDec 30, 2002 4:55 pm 
Jerome "Lacoste (Frisurf)"Dec 31, 2002 2:42 am 
Luc FoisyDec 31, 2002 7:43 am 
Goehring, Chuck Mr., RCI - San DiegoDec 31, 2002 12:28 pm 
Jason PyeronDec 31, 2002 12:55 pm 
Ken AndersonDec 31, 2002 2:06 pm 
Brian ToppingDec 31, 2002 2:44 pm 
Gary GwinDec 31, 2002 4:03 pm 
Triptpal Singh LambaDec 31, 2002 5:21 pm 
Will HartungJan 2, 2003 2:27 pm 
Julian LöffelhardtJan 2, 2003 5:38 pm 
Will HartungJan 2, 2003 6:53 pm 
Subject:Re: securing tomcat...
From:Ken Anderson (ka@pacific.net)
Date:Dec 31, 2002 2:06:45 pm
List:org.apache.tomcat.users

Just put this in your web.xml for root webapp or others...

<error-page> <error-code>404</error-code> <location>/404error.html</location> </error-page>

and create 404error.html to say whatever you like.

Ken

Jason Pyeron wrote:

has any one put together a faq/howto on securing tomcat?

our first goal is to prevent determination of the server version by a web client.

an example of this is for url http://127.1:8080/xxdfsdf this is returned, note
the Server: Apache Coyote/1.0 and Apache Tomcat/4.1.12

HTTP/1.1 404 /xxdfsdf Content-Type: text/html;charset=ISO-8859-1 Content-Language: en-US Transfer-Encoding: chunked Date: Tue, 31 Dec 2002 20:46:09 GMT Server: Apache Coyote/1.0

<html><head><title>Apache Tomcat/4.1.12 - Error report</title><STYLE><!--H1{font-family : sans-serif,Arial,Tahoma;color : white;background-color : #0086b2;} H3{font-family : sans-serif,Arial,Tahoma;color : white;background-color : #0086b2;} BODY{font-family : sans-serif,Arial,Tahoma;color : black;background-color : white;} B{color : white;background-color : #0086b2;} HR{color : #0086b2;} --></STYLE> </head><body><h1>HTTP Status 404 - /xxdfsdf</h1><HR size="1" noshade><p><b>ty pe</b> Status report</p><p><b>message</b> <u>/xxdfsdf</u></p><p><b>description</b> <u>The requested resource (/xxdfsdf) is not available.</u></p><HR size="1" noshade><h3>Apache Tomcat/4.1.12</h3></body></html>

-- To unsubscribe, e-mail: <mailto:tomc@jakarta.apache.org> For additional commands, e-mail: <mailto:tomc@jakarta.apache.org>