tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Howard W. Smith, Jr." <>
Subject Re: "exception-message" header reveals path to document root in 404 response.
Date Sat, 11 Jan 2014 16:29:29 GMT
On Sat, Jan 11, 2014 at 9:01 AM, Caldarale, Charles R <> wrote:

> > From: Howard W. Smith, Jr. []
> > Subject: Re: "exception-message" header reveals path to document root in
> 404 response.
> > Wow, when I saw this last night, I shook my head and said to myself,
> > Server: Apache-Coyote/1.1
> > this may be one of the reasons why my server/web-app are subject to
> > repeat-offender attacks from certain/few IP addresses in China/Vietnam.
> For the truly paranoid (to quote from the docs), look at the server
> attribute of the <Connector> element:

+1 and LOL.


Overrides the Server header for the http response. If set, the value for
this attribute overrides the Tomcat default and any Server header set by a
web application. If not set, any value specified by the application is
used. If the application does not specify a value then Apache-Coyote/1.1 is
used. Unless you are paranoid, you won't need this feature.

Thanks Chuck for the response and for quoting the user guide. I have not
set 'server' on the Connector and still have no need of setting the
'server' attribute. Nice to know that that is available. :)

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message