tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jmpaul012 <jeremypa...@gmail.com>
Subject Re: Tomcat Logging and HTTP Header question
Date Fri, 02 Dec 2011 18:12:20 GMT

Sorry I didn't mean to ask the questions as though this forum is my private
consulting firm.  I have done everything I could before I posted on this
forum.  I have searched google, experts exchange, asked coworkers, and asked
my previous Tomcat professor.  I will use your suggestions and I hope I can
figure this out.  Thanks!


Christopher Schultz-2 wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> To whom it may concern,
> 
> On 12/2/11 12:10 PM, jmpaul012 wrote:
>>> So I am doing Tomcat STIGS and I am stuck on two of the STIGs.
>>> 
>>> 1.  How do I change what tomcat logs?  I think it's something I
>>> need to do in server.xml but I'm not sure.
> 
> What have you tried so far? This is a community mailing list, not a
> consulting agency. We're here to help, not to do things for you.
> 
>>> This is what I need to log:
>>> 
>>> • Date, Time • IP address of the host that initiated the request 
>>> • User ID supplied for HTTP authentication • HTTP Method • URL in
>>> the request • The protocol and protocol version used to make the
>>> request • Source and destination port numbers • Status codes for
>>> the response • Size of the response in bytes • HTTP Status and
>>> Referrer for the following events:
> 
> That sounds a lot like an HTTP access log. Have you looked through the
> "logging" documentation for your version of Tomcat for how to do
> access logging?
> 
>>> - Successful and unsuccessful attempts to access the web server
>>> software.
> 
> Depends upon your definition of "successful", "attempt", and "access".
> 
>>> - Successful and unsuccessful attempts to access the web site.
> 
> Ditto.
> 
>>> - Successful and unsuccessful attempts to access the web
>>> application.
> 
> Ditto.
> 
>>> 2. How do I view/change the HTTP header information of an
>>> intranet site that is using Tomcat?  I have to make sure the HTTP
>>> header does not show information about the web server which would
>>> include, web server product, version, or host operating system
> 
> Generally speaking, it's nice to post different questions in separate
> threads. It's not a huge deal, but it makes following a conversation
> easier for others.
> 
> Anyhow, you are looking for changing the "Server" response header,
> right? That's in the documentation as well, but it might not be the
> easiest thing to find. See below.
> 
> Since you are looking at securing Tomcat, you might want to have a
> look at the "Security Considerations" section of the Tomcat User Guide:
> http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html
> 
> (Make sure you use the right version -- I chose TC 7 because you never
> told us what you were running).
> 
> Hope that helps,
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> 
> iEYEARECAAYFAk7ZDaoACgkQ9CaO5/Lv0PB8QACgvfmekninLwMlIuafcwsG2WZ4
> HnAAni9XbJ15C0/wv0RgiJuCaZavt/wQ
> =GVw2
> -----END PGP SIGNATURE-----
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 

-- 
View this message in context: http://old.nabble.com/Tomcat-Logging-and-HTTP-Header-question-tp32892450p32904101.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message