You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Joseph Michaud <Jo...@smartbear.com> on 2022/04/01 22:53:19 UTC
handling invalid URL
As I understand it, an ErrorReportValve is an application-level filter. An HTTP request error (like an unknown URL) that reaches it will be processed. With the ErrorReportValve I can modify the information presented in the report. However, an *invalid* URL is not assignable to any application. No ErrorReportValve would apply to it.
An invalid URL generates a 400 response. In Tomcat 8.5, there was no error report included in that response. In Tomcat 9.0, the default error report is included. The default error report includes Tomcat version information. Some security-conscious customers don't want version information displayed but now, with Tomcat 9.0, I cannot remove that information.
I think the answer is 'no', but I'll ask anyway.... Is there a global-level ErrorReportValve capability? Or some facility to easily remove the version information from an 'invalid URL' error report? (I'm aware of modifying the ServerInfo.properties file, but that affects more than just the error report...)
Joe
We hope you found this email of interest; however, click here if you wish to unsubscribe<http://www2.smartbear.com/SubscriptionCenter.html?utm_source=outlook&utm_medium=email&utm_content=emailsig> or manage your email preferences. Privacy Policy.<https://smartbear.com/privacy/>
Disclaimer
The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.
RE: handling invalid URL
Posted by Joseph Michaud <Jo...@smartbear.com>.
SNIP
> >>
> >> I think the answer is 'no', but I'll ask anyway.... Is there a global-level
> ErrorReportValve capability? Or some facility to easily remove the version
> information from an 'invalid URL' error report? (I'm aware of modifying the
> ServerInfo.properties file, but that affects more than just the error report...)
> >>
> >
> > this goes in server.xml like this
> >
> > <Host name="localhost" appBase="webapps"
> > unpackWARs="false" autoDeploy="false" deployXML="true">
> >
> > <Valve className="org.apache.catalina.valves.ErrorReportValve"
> showReport="false" showServerInfo="false" />
> >
> > </Host>
> >
> > you may also add
> errorReportValveClass="com.logo.tomcat.valves.CustomErrorReportValve" to
> the host attributes.
> >
>
> to add your own ErrorReportValve I wanted to add :-)
>
Yes! I had my ErrorReportValve defined in the Context. When I moved it to the Host it was given the chance to handle the invalid URL. Thanks!
Joe
We hope you found this email of interest; however, click here if you wish to unsubscribe<http://www2.smartbear.com/SubscriptionCenter.html?utm_source=outlook&utm_medium=email&utm_content=emailsig> or manage your email preferences. Privacy Policy.<https://smartbear.com/privacy/>
Disclaimer
The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.
Re: handling invalid URL
Posted by lo...@kreuser.name.
> Am 02.04.2022 um 10:04 schrieb logo@kreuser.name:
>
> Joe,
>
>> Am 02.04.2022 um 00:53 schrieb Joseph Michaud <Jo...@smartbear.com>:
>>
>> As I understand it, an ErrorReportValve is an application-level filter. An HTTP request error (like an unknown URL) that reaches it will be processed. With the ErrorReportValve I can modify the information presented in the report. However, an *invalid* URL is not assignable to any application. No ErrorReportValve would apply to it.
>>
>> An invalid URL generates a 400 response. In Tomcat 8.5, there was no error report included in that response. In Tomcat 9.0, the default error report is included. The default error report includes Tomcat version information. Some security-conscious customers don't want version information displayed but now, with Tomcat 9.0, I cannot remove that information.
>>
>> I think the answer is 'no', but I'll ask anyway.... Is there a global-level ErrorReportValve capability? Or some facility to easily remove the version information from an 'invalid URL' error report? (I'm aware of modifying the ServerInfo.properties file, but that affects more than just the error report...)
>>
>
> this goes in server.xml like this
>
> <Host name="localhost" appBase="webapps"
> unpackWARs="false" autoDeploy="false" deployXML="true">
>
> <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false" />
>
> </Host>
>
> you may also add errorReportValveClass="com.logo.tomcat.valves.CustomErrorReportValve" to the host attributes.
>
to add your own ErrorReportValve I wanted to add :-)
> Hope this helps
>
> Peter
>
>> Joe
>>
>> We hope you found this email of interest; however, click here if you wish to unsubscribe<http://www2.smartbear.com/SubscriptionCenter.html?utm_source=outlook&utm_medium=email&utm_content=emailsig> or manage your email preferences. Privacy Policy.<https://smartbear.com/privacy/>
>>
>> Disclaimer
>>
>> The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.
Re: handling invalid URL
Posted by lo...@kreuser.name.
Joe,
> Am 02.04.2022 um 00:53 schrieb Joseph Michaud <Jo...@smartbear.com>:
>
> As I understand it, an ErrorReportValve is an application-level filter. An HTTP request error (like an unknown URL) that reaches it will be processed. With the ErrorReportValve I can modify the information presented in the report. However, an *invalid* URL is not assignable to any application. No ErrorReportValve would apply to it.
>
> An invalid URL generates a 400 response. In Tomcat 8.5, there was no error report included in that response. In Tomcat 9.0, the default error report is included. The default error report includes Tomcat version information. Some security-conscious customers don't want version information displayed but now, with Tomcat 9.0, I cannot remove that information.
>
> I think the answer is 'no', but I'll ask anyway.... Is there a global-level ErrorReportValve capability? Or some facility to easily remove the version information from an 'invalid URL' error report? (I'm aware of modifying the ServerInfo.properties file, but that affects more than just the error report...)
>
this goes in server.xml like this
<Host name="localhost" appBase="webapps"
unpackWARs="false" autoDeploy="false" deployXML="true">
<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false" />
</Host>
you may also add errorReportValveClass="com.logo.tomcat.valves.CustomErrorReportValve" to the host attributes.
Hope this helps
Peter
> Joe
>
> We hope you found this email of interest; however, click here if you wish to unsubscribe<http://www2.smartbear.com/SubscriptionCenter.html?utm_source=outlook&utm_medium=email&utm_content=emailsig> or manage your email preferences. Privacy Policy.<https://smartbear.com/privacy/>
>
> Disclaimer
>
> The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.
>