tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Tomcat Logging and HTTP Header question
Date Fri, 02 Dec 2011 17:40:58 GMT

To whom it may concern,

On 12/2/11 12:10 PM, jmpaul012 wrote:
>> So I am doing Tomcat STIGS and I am stuck on two of the STIGs.
>> 
>> 1.  How do I change what tomcat logs?  I think it's something I
>> need to do in server.xml but I'm not sure.

What have you tried so far? This is a community mailing list, not a
consulting agency. We're here to help, not to do things for you.

>> This is what I need to log:
>> 
>> • Date, Time
>> • IP address of the host that initiated the request
>> • User ID supplied for HTTP authentication
>> • HTTP Method
>> • URL in the request
>> • The protocol and protocol version used to make the request
>> • Source and destination port numbers
>> • Status codes for the response
>> • Size of the response in bytes
>> • HTTP Status and Referrer for the following events:

That sounds a lot like an HTTP access log. Have you looked through the
"logging" documentation for your version of Tomcat for how to do
access logging?

>> - Successful and unsuccessful attempts to access the web server
>> software.

Depends upon your definition of "successful", "attempt", and "access".

>> - Successful and unsuccessful attempts to access the web site.

Ditto.

>> - Successful and unsuccessful attempts to access the web
>> application.

Ditto.

>> 2. How do I view/change the HTTP header information of an
>> intranet site that is using Tomcat?  I have to make sure the HTTP
>> header does not show information about the web server which would
>> include, web server product, version, or host operating system

Generally speaking, it's nice to post different questions in separate
threads. It's not a huge deal, but it makes following a conversation
easier for others.

Anyhow, you are looking for changing the "Server" response header,
right? That's in the documentation as well, but it might not be the
easiest thing to find. See below.

Since you are looking at securing Tomcat, you might want to have a
look at the "Security Considerations" section of the Tomcat User Guide:
http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html

(Make sure you use the right version -- I chose TC 7 because you never
told us what you were running).

Hope that helps,
-chris
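
A check covering both questions in the message above (the access-log fields and the "Server" response header), added here as an example and not part of the original thread. It assumes the AccessLogValve pattern codes and the HTTP Connector `server` attribute from the Tomcat configuration reference; `%{remote}p` for the source port depends on the Tomcat release, and the `audit`/`codes` helpers and the sample server.xml are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Requested field -> AccessLogValve pattern codes that record it (any one suffices).
REQUIRED = {
    "date/time": {"%t"}, "client IP": {"%a", "%h"}, "auth user": {"%u"},
    "method": {"%m", "%r"}, "URL": {"%U", "%r"}, "protocol": {"%H", "%r"},
    "source port": {"%{remote}p"},  # assumption: your release supports %{remote}p
    "destination port": {"%p", "%{local}p"}, "status": {"%s"},
    "response size": {"%b", "%B"}, "referrer": {"%{referer}i"},
}
ALIASES = {"common": '%h %l %u %t "%r" %s %b'}
ALIASES["combined"] = ALIASES["common"] + ' "%{Referer}i" "%{User-Agent}i"'
CODE = re.compile(r"%(?:\{([^}]*)\})?([A-Za-z])")
VALVE = "org.apache.catalina.valves.AccessLogValve"

def codes(pattern):
    """Pattern codes in use; names inside {} are lower-cased for comparison."""
    pattern = ALIASES.get(pattern, pattern)
    return {"%{" + n.lower() + "}" + c if n else "%" + c
            for n, c in CODE.findall(pattern)}

def audit(server_xml):
    """Return findings for a server.xml string (empty list = nothing flagged)."""
    root = ET.fromstring(server_xml)
    valves = [v for v in root.iter("Valve") if v.get("className") == VALVE]
    findings = [] if valves else ["no AccessLogValve configured"]
    for v in valves:
        have = codes(v.get("pattern", "common"))  # Tomcat's default is "common"
        findings += ["access log missing: " + f
                     for f, alts in REQUIRED.items() if not have & alts]
    for c in root.iter("Connector"):
        # The 'server' attribute (HTTP connectors) overrides the Server header.
        if "ajp" not in c.get("protocol", "").lower() and not c.get("server"):
            findings.append("Connector port %s: 'server' not set" % c.get("port"))
    return findings

# Constructed sample configuration, not taken from the thread.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8009" protocol="AJP/1.3"/>
  <Engine name="Catalina" defaultHost="localhost"><Host name="localhost">
    <Valve className="org.apache.catalina.valves.AccessLogValve" pattern="combined"/>
  </Host></Engine></Service></Server>"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The "combined" alias already covers most of the list; the two port fields and the Connector's `server` attribute are what the sample configuration still lacks.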