You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@geode.apache.org by "Andy Huang (Jira)" <ji...@apache.org> on 2020/09/22 04:24:00 UTC

[jira] [Created] (GEODE-8518) How should I do to turn off the Jetty version messages when occur 404 error in Geode

Andy Huang created GEODE-8518:
---------------------------------

             Summary: How should I do to turn off the Jetty version messages when occur 404 error in Geode
                 Key: GEODE-8518
                 URL: https://issues.apache.org/jira/browse/GEODE-8518
             Project: Geode
          Issue Type: Improvement
          Components: security
    Affects Versions: 1.13.0, 1.6.0
            Reporter: Andy Huang


We are using apache geode v1.6.0 and we also use Geode rest api. However, when our customer do vulnerability test, they found a potential security risk and we need to fix that..

The report says, http://:7070 shows the following message
{quote}HTTP ERROR 404
Problem accessing /. Reason:

Not Found
**Powered by Jetty:// 9.4.8.v20171121**
{quote}
As you can see, Jetty version was shown, and this is reported as a risk. I searched a lot and found we can turn off the message by configure Jetty setting as follows
{quote}{{<Item>
 <New id="DefaultHandler" class="org.eclipse.jetty.server.handler.DefaultHandler">
     <Set name="showContexts">false</Set>
 </New>
</Item>}}
{quote}
But, Jetty is embedded in the Geode, how should I do to set the showContexts to false?

Any suggestion will be appreciate, thanks a lot.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)