Posted to users@tomcat.apache.org by Gary Gwin <to...@cafesoft.com> on 2003/01/01 01:04:00 UTC

Re: securing tomcat...

Jason,

If by securing you mean hardening, well then no. But we have posted a 
white paper on Tomcat security according to the servlet specification:

http://www.cafesoft.com/products/cams/tomcat-security.html

Gary

Jason Pyeron wrote:

>Has anyone put together a FAQ/howto on securing Tomcat?
>
>Our first goal is to prevent determination of the server version by a web 
>client.
>
>An example of this: for the URL http://127.1:8080/xxdfsdf this is returned; note the Server: 
>Apache Coyote/1.0 and Apache Tomcat/4.1.12
>
>HTTP/1.1 404 /xxdfsdf
>Content-Type: text/html;charset=ISO-8859-1
>Content-Language: en-US
>Transfer-Encoding: chunked
>Date: Tue, 31 Dec 2002 20:46:09 GMT
>Server: Apache Coyote/1.0
>
><html><head><title>Apache Tomcat/4.1.12 - Error 
>report</title><STYLE><!--H1{font-family : sans-serif,Arial,Tahoma;color
>: white;background-color : #0086b2;} H3{font-family : 
>sans-serif,Arial,Tahoma;color : white;background-color : #0086b2;}
> BODY{font-family : sans-serif,Arial,Tahoma;color : black;background-color 
>: white;} B{color : white;background-color :
>#0086b2;} HR{color : #0086b2;} --></STYLE> </head><body><h1>HTTP Status 
>404 - /xxdfsdf</h1><HR size="1" noshade><p><b>ty
>pe</b> Status report</p><p><b>message</b> 
><u>/xxdfsdf</u></p><p><b>description</b> <u>The requested resource 
>(/xxdfsdf)
>is not available.</u></p><HR size="1" noshade><h3>Apache 
>Tomcat/4.1.12</h3></body></html>
>
>  
>

-- 

Gary Gwin
http://www.cafesoft.com

*****************************************************************
*                                                               *
*   The Cafesoft Access Management System, Cams, is security    *
*   software that provides single sign-on authentication and    *
*   centralized access control for Apache, Tomcat, and custom   *
*   resources.                                                  *
*                                                               *
*****************************************************************
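
A check for the goal stated in the quoted question, as an added example that is not part of the original thread: it scans a raw HTTP response for product/version tokens in banner headers and in the error page body. The function name, the header list and the abridged sample response are assumptions made for this illustration.

```python
import re

# Constructed sample: the response quoted in the post, abridged and unwrapped.
SAMPLE_RESPONSE = (
    "HTTP/1.1 404 /xxdfsdf\r\n"
    "Content-Type: text/html;charset=ISO-8859-1\r\n"
    "Server: Apache Coyote/1.0\r\n"
    "\r\n"
    "<html><head><title>Apache Tomcat/4.1.12 - Error report</title></head>"
    "<body><h1>HTTP Status 404 - /xxdfsdf</h1>"
    "<h3>Apache Tomcat/4.1.12</h3></body></html>"
)

# Headers audited for a product banner (assumed list for this example).
BANNER_HEADERS = {"server", "x-powered-by"}

# A product/version token such as "Coyote/1.0" or "Tomcat/4.1.12".
VERSION_TOKEN = re.compile(r"\b([A-Za-z][\w.-]*)/(\d+(?:\.\d+)+)")


def find_version_disclosure(raw):
    """Return sorted (location, product, version) tuples found in a raw response."""
    text = raw.replace("\r\n", "\n")  # accept CRLF or bare LF line endings
    head, _, body = text.partition("\n\n")
    findings = set()
    # Skip the status line so the protocol token "HTTP/1.1" is not reported.
    for line in head.split("\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() in BANNER_HEADERS:
            for product, version in VERSION_TOKEN.findall(value):
                findings.add(("header:" + name.strip(), product, version))
    # Default error pages repeat the banner in the title and the footer,
    # so the set collapses the duplicates into one finding.
    for product, version in VERSION_TOKEN.findall(body):
        findings.add(("body", product, version))
    return sorted(findings)


if __name__ == "__main__":
    for location, product, version in find_version_disclosure(SAMPLE_RESPONSE):
        print(f"{location}: {product} {version}")
```

An empty result for both a normal page and a forced 404 means neither the headers nor the error page give the version away; changing only the Server header still leaves the body finding.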


