geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "xiezhi (JIRA)" <>
Subject [jira] [Created] (GERONIMO-6470) Enable the tomcat feature to Modify Apache-Coyote/1.1 Banner
Date Tue, 28 May 2013 07:02:20 GMT
xiezhi created GERONIMO-6470:

             Summary: Enable the tomcat feature to Modify Apache-Coyote/1.1 Banner
                 Key: GERONIMO-6470
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: Tomcat
    Affects Versions: 1.x
            Reporter: xiezhi
            Priority: Minor

In Response Headers, it exposure the version number of the Apache Tomcat Web Server which
runs on port 8080 by default.
We hope to modify the TomcatWebConnector'attribute server to protect this information.
I think the good pratice is below.

In <geronimo-home>\var\config\config.xml
  <module name="geronimo/tomcat/1.1/car">
    <gbean name="TomcatEngine">
      <attribute name="initParams">name=Geronimo</attribute>
      <reference name="TomcatValveChain"/>
    <gbean load="false" name="FirstValve"/>
    <gbean load="false" name="SecondValve"/>
    <gbean name="TomcatResources"/>
    <gbean name="TomcatWebConnector">
      <attribute name="host"></attribute>
      <attribute name="port">8080</attribute>
      <attribute name="redirectPort">8443</attribute>
      <attribute name="bufferSizeBytes">2048</attribute>
      <attribute name="maxThreads">150</attribute>
      <attribute name="acceptQueueSize">100</attribute>
      <attribute name="lingerMillis">-1</attribute>
      <attribute name="tcpNoDelay">true</attribute>
      <attribute name="minSpareThreads">25</attribute>
      <attribute name="maxSpareThreads">75</attribute>
      <attribute name="maxHttpHeaderSizeBytes">8192</attribute>
      <attribute name="hostLookupEnabled">false</attribute>
      <attribute name="connectionTimeoutMillis">20000</attribute>
      <attribute name="uploadTimeoutEnabled">false</attribute>
      <attribute name="maxPostSize">2097152</attribute>
      <attribute name="maxSavePostSize">4096</attribute>
      <attribute name="emptySessionPath">false</attribute>
      <attribute name="server">TestResponseHead</attribute>

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message