Amey,

On 3/28/16 3:54 AM, Amey Rokde wrote:
> Dear Community
> 
> We are using the apache-tomcat-7.0.55 and have configured only one
> SSL connector (7070).
> 
> The SSL connection (https) works properly and I am able to fetch
> the request. But if we make an http request we get garbled data
> downloaded in the browser.

This is expected behavior.

> I tried searching over the net but the information available is
> more about redirect and things around it. What I want is to prevent
> this garbled data and get more of an http 404 not found.

Then you need to make an HTTP connection, not an HTTPS one. It's easy
to configure an HTTP connector that redirects to HTTPS.

> Getting this garbled data is considered more or less a security
> leak.

Considered a security leak by whom? There is no information leakage.
There are no secrets being transmitted. This is an inconvenience to
the user that you can easily remedy.

> I am attaching the sample server xml of the tomcat.

Thanks, but it wasn't relevant (other than to confirm that you weren't
configuring an HTTPS connector on a standard HTTP port such as 80).

> Please advise what needs to be done.

If you want your users to get a 404, then you should listen on port 80
(for HTTP) and return 404 for all requests. If you want to do better
than that, you should listen on port 80 (for HTTP) and redirect all
requests to the secure port.

> PS: the higher tomcat versions, namely apache-tomcat-8.0.32, do not
> show the above behaviour.

It should behave exactly the same way.

-chris
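
The HTTP-to-HTTPS redirect described in the reply above, as an added example that is not part of the original message or the poster's attached server.xml: a plain HTTP connector on port 80 whose redirectPort points at the existing SSL connector on 7070, plus the web.xml constraint that triggers the redirect. The timeout value and the resource name are assumptions.

```xml
<!-- conf/server.xml, inside <Service>: plain HTTP listener (added example).
     redirectPort names the SSL connector that already listens on 7070. -->
<Connector port="80" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="7070" />

<!-- The existing SSL connector stays as it is; only the attributes that
     matter for the redirect are shown (keystore settings omitted). -->
<Connector port="7070" protocol="HTTP/1.1"
           SSLEnabled="true" scheme="https" secure="true" />

<!-- WEB-INF/web.xml of the application (or conf/web.xml for every app):
     CONFIDENTIAL makes Tomcat answer any request that arrives over plain
     HTTP with a redirect to https on the receiving connector's redirectPort. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire application</web-resource-name> <!-- assumed name -->
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```

A plain HTTP request sent straight to port 7070 is still not understood, because that port speaks only TLS; the redirect helps clients that start on port 80.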