[Bug 56463] New: Allow to disable ServerInfo in directory listings in DefaultServlet

bugzilla Sun, 27 Apr 2014 11:31:24 -0700

https://issues.apache.org/bugzilla/show_bug.cgi?id=56463


            Bug ID: 56463
           Summary: Allow to disable ServerInfo in directory listings in
                    DefaultServlet
           Product: Tomcat 7
           Version: 7.0.53
          Hardware: PC
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: knst.koli...@gmail.com

Discussion on dev@:
http://tomcat.markmail.org/thread/mh3yaptw7rlw2zcv

[quote]
Looking at Tomcat bug 56383 - "Securing ErrorReportValve" (
https://issues.apache.org/bugzilla/show_bug.cgi?id=56383 ), i think a
similar thing can also be done for the Tomcat version number reported by
the DefaultServlet.
This servlet will show the version information from ServerInfo when the
listings are enabled. Currently it seems there is no way of disabling
version reporting other than 'hacking' the ServerInfo.
[/quote]

There is a way to customize those listings: define an XSLT style sheet.

That said, it is possible to introduce a configuration option for
DefaultServlet.

Places to patch:
- DefaultServlet.java
- webapps/docs/default-servlet.xml
- webapps/docs/security-howto.xml

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 56463] New: Allow to disable ServerInfo in directory listings in DefaultServlet

Reply via email to