tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: "exception-message" header reveals path to document root in 404 response.
Date Sat, 11 Jan 2014 14:44:15 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Chuck,

On 1/11/14, 9:01 AM, Caldarale, Charles R wrote:
>> From: Howard W. Smith, Jr. [mailto:smithh032772@gmail.com] 
>> Subject: Re: "exception-message" header reveals path to document
>> root in 404 response.
> 
>> Wow, when I saw this last night, I shook my head and said to
>> myself,
> 
>> Server: Apache-Coyote/1.1
> 
>> this may be one of the reasons why my server/web-app are subject
>> to repeat-offender attacks from certain/few IP addresses in
>> China/Vietnam.
> 
> For the truly paranoid (to quote from the docs), look at the server
> attribute of the <Connector> element: 
> http://tomcat.apache.org/tomcat-7.0-doc/config/http.html

Or just not worry about it because Tomcat has reported
Apache-Coyote/1.1 since ... pretty much forever. That server string
doesn't give any information other than the fact that you are likely
running Tomcat (I think JBoss, Weblogic, etc. use that string too) and
almost definitely using a Java servlet container.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJS0Vi/AAoJEBzwKT+lPKRYThYP/3GkE0+1KrhoRZ7YU3ieIioD
3G9IP3dsiiqXGHMD7Jga+FpjWgm25YvFLDMvsgI1GHUF9Rfg4r+uqY96BDFbEP8u
rCsnPq8XF0VWUaXR5DJSRP68RLXHWhseX4JnPPeyRxvniHf9IAqnvvkT9ZKf2Vbz
EopkuXDzbOV5FW6b3Dy3inVvqSj7S1l41o/81oyZtPzg6nYBT3xwfAem1uwbHWjJ
i4gx6TWJUUXDT0iWPIx8J9ilEpT08TBbQifHVKEhyyRgF0tYUScEKAqT9OU1DZcV
veWzGuguQBXX5EtZpbVF1fqT0m+MaJfbJxJx0grWwFLdOUxi/nYDRR1bwXseXRYt
Om0CwdUEbR9JJ2bu9s0NyzqiNTDDRQ2pVymyV2FRTntDmVAv2dCziX2lOvuwqjqU
sMHxK0KYIVRJEuBA270w2sSuMxUVdmZMkLAEfM+IhHp1Up6NqYKv9CdmuyGsn0F+
koCLOn8o8iP0LSwywCCCWqO7kIgAdVkMKrDDUxKCvONMQ93Eu+pTdZo/soYRoI33
ljXPM+Y+IwWRLwYB9EtrVlV040/z/Y5HPxq8fjs7AMC1ueN9AZItlMLnWgM0+tBs
3TtBPNNnzY5jJtJvQE26l6CASI/VoPBKUeJAvk81lCWRKXUEh+oVVnx5Xhr7x9VI
8gybD4lKz8GnUvKwD+b1
=LVS7
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message