You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kk...@apache.org on 2014/04/27 20:43:59 UTC
svn commit: r1590451 - in /tomcat/trunk/webapps/docs: changelog.xml
config/valve.xml security-howto.xml
Author: kkolinko
Date: Sun Apr 27 18:43:58 2014
New Revision: 1590451
URL: http://svn.apache.org/r1590451
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=56383
Document the new feature on the "security HowTO" page.
Move error valve documentation lower in the valves list
(access log valves and access control valves should be the first ones there).
Modified:
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/config/valve.xml
tomcat/trunk/webapps/docs/security-howto.xml
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1590451&r1=1590450&r2=1590451&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Sun Apr 27 18:43:58 2014
@@ -110,7 +110,7 @@
<add>
<bug>56383</bug>: Properties for disabling server information and error
report are added to the <code>org.apache.catalina.valves.ErrorReportValve</code>.
- Based on the patch provided by Nick Bunn. (violetagg)
+ Based on the patch provided by Nick Bunn. (violetagg/kkolinko)
</add>
<fix>
<bug>56390</bug>: Fix JAR locking issue with JARs containing TLDs and
Modified: tomcat/trunk/webapps/docs/config/valve.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/valve.xml?rev=1590451&r1=1590450&r2=1590451&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/valve.xml (original)
+++ tomcat/trunk/webapps/docs/config/valve.xml Sun Apr 27 18:43:58 2014
@@ -339,54 +339,6 @@
</section>
-<section name="Error Report Valve">
-
- <subsection name="Introduction">
-
- <p>The <strong>Error Report Valve</strong> is a simple error handler
- for HTTP status codes that will generate and return HTML error pages.</p>
-
- <p><strong>NOTE:</strong> Disabling both showServerInfo and showReport will
- only return the HTTP status code and remove all CSS.</p>
-
- </subsection>
-
- <subsection name="Attributes">
-
- <p>The <strong>Error Report Valve</strong> supports the following
- configuration attributes:</p>
-
- <attributes>
-
- <attribute name="className" required="true">
- <p>Java class name of the implementation to use. This MUST be set to
- <strong>org.apache.catalina.valves.ErrorReportValve</strong> to use the
- default error report valve.</p>
- </attribute>
-
- <attribute name="showReport" required="false">
- <p>Flag to determine if the error report is presented when an error occurs.
- If set to <code>false</code>, then the error report is not in
- the HTML response.
- Default value: <code>true</code>
- </p>
- </attribute>
-
- <attribute name="showServerInfo" required="false">
- <p>Flag to determine if server information is presented when an error occurs.
- If set to <code>false</code>, then the server version is not returned in
- the HTML response.
- Default value: <code>true</code>
- </p>
- </attribute>
-
- </attributes>
-
- </subsection>
-
-</section>
-
-
<section name="Extended Access Log Valve">
<subsection name="Introduction">
@@ -640,6 +592,54 @@
</section>
+<section name="Error Report Valve">
+
+ <subsection name="Introduction">
+
+ <p>The <strong>Error Report Valve</strong> is a simple error handler
+ for HTTP status codes that will generate and return HTML error pages.</p>
+
+ <p><strong>NOTE:</strong> Disabling both showServerInfo and showReport will
+ only return the HTTP status code and remove all CSS.</p>
+
+ </subsection>
+
+ <subsection name="Attributes">
+
+ <p>The <strong>Error Report Valve</strong> supports the following
+ configuration attributes:</p>
+
+ <attributes>
+
+ <attribute name="className" required="true">
+ <p>Java class name of the implementation to use. This MUST be set to
+ <strong>org.apache.catalina.valves.ErrorReportValve</strong> to use the
+ default error report valve.</p>
+ </attribute>
+
+ <attribute name="showReport" required="false">
+ <p>Flag to determine if the error report is presented when an error
+ occurs. If set to <code>false</code>, then the error report is not in
+ the HTML response.
+ Default value: <code>true</code>
+ </p>
+ </attribute>
+
+ <attribute name="showServerInfo" required="false">
+ <p>Flag to determine if server information is presented when an error
+ occurs. If set to <code>false</code>, then the server version is not
+ returned in the HTML response.
+ Default value: <code>true</code>
+ </p>
+ </attribute>
+
+ </attributes>
+
+ </subsection>
+
+</section>
+
+
<section name="Single Sign On Valve">
<subsection name="Introduction">
Modified: tomcat/trunk/webapps/docs/security-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/security-howto.xml?rev=1590451&r1=1590450&r2=1590451&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/security-howto.xml (original)
+++ tomcat/trunk/webapps/docs/security-howto.xml Sun Apr 27 18:43:58 2014
@@ -348,8 +348,10 @@
<p>The default ErrorReportValve includes the Tomcat version number in the
response sent to clients. To avoid this, custom error handling can be
- configured within each web application. Alternatively, the version number
- can be changed by creating the file
+ configured within each web application. Alternatively, you can explicitly
+ configure an <a href="config/valve.html">ErrorReportValve</a> and set its
+ <strong>showServerInfo</strong> attribute to <code>false</code>.
+ Alternatively, the version number can be changed by creating the file
CATALINA_BASE/lib/org/apache/catalina/util/ServerInfo.properties with
content as follows:</p>
<source>server.info=Apache Tomcat/<version-major-minor/>.x</source>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org