Disable Error Page Tomcat
Contents |
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the disable tomcat default page workings and policies of this site About Us Learn more about Stack how to disable tomcat home page Overflow the company Business Learn more about hiring developers or posting ads with us Stack Overflow Questions tomcat disable sslv3 Jobs Documentation Tags Users Badges Ask Question x Dismiss Join the Stack Overflow Community Stack Overflow is a community of 4.7 million programmers, just like you, helping each other. Join
Tomcat 6 Error Page
them; it only takes a minute: Sign up Reducing information disclosure in Tomcat error pages up vote 7 down vote favorite 3 By default, Tomcat's error pages disclose both the existence of Tomcat and the exact version of the container that's handling the requests. This is nice for development, but in a production context this information is a potential tomcat 404 error page security hole and it would be nice to disable it. Thus I would like to know what the best (as in most straightforward/comprehensive) solution is to completely suppress Tomcat's default error pages. I am aware of the
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the tomcat error page redirect company Business Learn more about hiring developers or posting ads with us Stack Overflow Questions
Tomcat Error Page Location
Jobs Documentation Tags Users Badges Ask Question x Dismiss Join the Stack Overflow Community Stack Overflow is a community of 4.7 million
Tomcat Custom Error Page
programmers, just like you, helping each other. Join them; it only takes a minute: Sign up How to disable Tomcat's html error pages when my REST API returns 500 HTTP Status up vote 2 down vote http://stackoverflow.com/questions/1520162/reducing-information-disclosure-in-tomcat-error-pages favorite I'm using @ControllerAdvice, @ErrorHandler and @ResponseStatus annotations to return some error informations. I'm sure that handler method is executed (I've checked it under debuger.) But my ErrorInfo object is override by Tomcat HTML error page. @ExceptionHandler(value = ServiceExecutionException.class) @ResponseStatus(value = HttpStatus.INTERNAL_SERVER_ERROR, reason = "Internal Server Error") ErrorInfo handleServiceError(HttpServletRequest request, HttpServletResponse response, Exception e) { return new ErrorInfo(request.getRequestURL().toString(), e.getLocalizedMessage()); } Here is similar question, but it doesn't contains a proper answer, because I http://stackoverflow.com/questions/32998602/how-to-disable-tomcats-html-error-pages-when-my-rest-api-returns-500-http-statu try to avoid complicating my code. Disable all default HTTP error response content in Tomcat java rest spring-mvc tomcat tomcat8 share|improve this question asked Oct 7 '15 at 17:22 MichaĆ Mielec 779 add a comment| active oldest votes Know someone who can answer? Share a link to this question via email, Google+, Twitter, or Facebook. Your Answer draft saved draft discarded Sign up or log in Sign up using Google Sign up using Facebook Sign up using Email and Password Post as a guest Name Email Post as a guest Name Email discard By posting your answer, you agree to the privacy policy and terms of service. Browse other questions tagged java rest spring-mvc tomcat tomcat8 or ask your own question. asked 1 year ago viewed 322 times Linked 43 Disable all default HTTP error response content in Tomcat Related 391REST API error return good practices4Disable default error page in Tomcat for Spring MVC REST API2Apache Tomcat 8 not working. Throws HTTP Status 500 - java.lang.ClassNotFoundException: org.apache.jsp.index_jsp1Jersey REST-API returns a HTTP Error 500 (but only client-side)-1How can I fix 'HTTP Status 500 - Internal Server Error' error?0Tomcat with Rest - HTTP Status 500 - Servlet execution threw an exception0HTTP Status 500 - Internal Server Error - Apache Tomcat(Restful webservice)1Simple REST API returns HTTP 5000Jersey 2.x and
Common 6 Protecting the Shutdown Port 7 Securing Manager WebApp https://www.owasp.org/index.php/Securing_tomcat 8 Logging 9 Encryption 9.1 Sample Configuration - Good Security 9.2 Sample Configuration - Better Security 10 Java Security 10.1 Running Tomcat with a Security Manager 11 Miscellaneous 11.1 Using Port 80 11.2 Cleartext Passwords in CATALINA_HOME/conf/server.xml 12 Acknowledgements Status * Content should provide a link and references error page to - SecureTomcat - http://securetomcat.googlecode.com Released 14/1/2007 Updated 10/7/2014 https://tomcat.apache.org/tomcat-7.0-doc/security-howto.html https://tomcat.apache.org/tomcat-8.0-doc/security-howto.html is almost the same... Authors Darren Edmonds Jacques Le Roux Introduction Most weaknesses in Apache Tomcat come from incorrect or inappropriate configuration. It is nearly always possible to make Tomcat more secure than the default out of the tomcat error page box installation. What follows documents best practices and recommendations on securing a production Tomcat server, whether it be hosted on a Windows or Unix based operating system. Please note that the section ordering is not a representation of the section importance. Software Versions The first step is to make sure you are running the latest stable releases of software; Java Runtime Environment (JRE) or SDK Tomcat Third-party libraries Many software projects, including Tomcat and Java, maintain multiple branches. New features are added to more recent branches, the older branches receive only bug-fixes and security updates. This allows developers to advance the software without disrupting production environments. Be aware of which branch you have deployed, and track new releases within that branch. For example, if you are running Tomcat 5.5.26, you should watch for new versions within the 5.5 branch (e.g. 5.5.27) and upgrad