One word of warning. Error 400 is a bit unique and special in that many kinds of error 400 happen very early in the processing of a potential incoming request. Many times the error 400 occurs before a context is known and as a result the error is served directly from the server, and not a context that would have the ErrorPageErrorHandler API.
If the concern is that the error page has a stacktrace, then you can turn that off in the ErrorHandler.setShowStacks(false). A typical setup on a server is that the server itself has a generic ErrorHandler, and each context (webapp) has it's own ErrorPageErrorHandler which has mappings for exceptions or status codes to resources (dynamic or static) that handle the error. Joakim Erdfelt / [email protected] On Mon, Jul 22, 2019 at 6:58 AM Simone Bordet <[email protected]> wrote: > Hi, > > On Mon, Jul 22, 2019 at 12:25 PM Silvio Bierman > <[email protected]> wrote: > > > > Hello all, > > > > We run an application that embeds Jetty 9.4.19. Upon receiving a > > malformed request where the Host header has been deliberately set to > > 127.0.0.1 (and therefore does not match the request URL) our server > > responds with: > > > > HTTP ERROR 400 > > > > Problem accessing /. Reason: > > > > Host does not match SNI > > > > Caused by: > > > > <stacktrace> > > > > During a pen-test that was done by one of our customers this was deemed > > too much internal information. What is the most easy way to configure > > the error info that we return upon such requests? > > Custom error pages, by using the ErrorPageErrorHandler API, see e.g. > > https://github.com/eclipse/jetty.project/blob/jetty-9.4.x/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/ErrorPageTest.java > . > > -- > Simone Bordet > ---- > http://cometd.org > http://webtide.com > Developer advice, training, services and support > from the Jetty & CometD experts. > _______________________________________________ > jetty-users mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://www.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
