tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Howard W. Smith, Jr." <smithh032...@gmail.com>
Subject Re: "exception-message" header reveals path to document root in 404 response.
Date Sat, 11 Jan 2014 12:49:38 GMT
On Fri, Jan 10, 2014 at 7:02 PM, Caldarale, Charles R <
Chuck.Caldarale@unisys.com> wrote:

> Here's Tomcat's standard 404 response:
>
> HTTP/1.1 404 Not Found
> Server: Apache-Coyote/1.1
> Content-Type: text/html;charset=utf-8
> Content-Length: 1027
> Date: Fri, 10 Jan 2014 23:59:34 GMT
>

Wow, when I saw this last night, I shook my head and said to myself,

Server: Apache-Coyote/1.1

this may be one of the reasons why my server/web-app are subject to
repeat-offender attacks from certain/few IP addresses in China/Vietnam.

I never new that a 404 would expose the server name (apache coyote). I
guess/assume that once they see that server name in the 404 response, some
of those bots continue to try and try.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message