-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Olivier,
On 12/16/19 06:08, Olivier Jaquemet wrote: > Hello all, > > I would like to systematically hide a request header to web > applications hosted by Tomcat. > > - If Apache HTTPD is used in front of Tomcat, you can use the > RequestHeader directive [0]: RequestHeader unset Some-Header-Name > > - If NGINX is used in front of Tomcat, you can use the > proxy_set_header directive [1]: proxy_set_header Some-Header-Name > ""; > > - Is there any way to apply a similar configuration (no development > [2]) to Apache Tomcat when there is no front server ? I could not > find any built-in valve/filter that would allow such filtering. I > don't think there is any, but I wanted to make sure I had not > missed something. I took a look at Tomcat's rewrite valve[1] and also at the venerable url-rewrite[2] and I didn't see any options for munging headers. I could have sworn someone wrote a mod_headers port for Tomcat and/or any container, but I guess not. I think this one would indeed require some (light) development work to make it work in the container and not in, say, a proxy. - -chris [1] https://tomcat.apache.org/tomcat-9.0-doc/rewrite.html [2] https://tuckey.org/urlrewrite/ -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl33nZAACgkQHPApP6U8 pFhAJRAAoAO3Eth8HnaRwYFQnHSwpPvk6dyim5j7k6VRmswLF1Xe7PfJfAc3NTPI 4GM/0M1Hx/6aOpuZr0BaS1tjH7ks59Q7DQcmM99WN2vXAWzUA5XAXY7I/FIgt2Do UHdCaBap51jPZAOXqNKTG17s26cvhK8EktEjQ0wDBM3YS6BsPJfoQVqHQuisP5b2 OmOaMyA18orG6cAGnR9WPP3/uJQRh5qF1BcK7ECLgPv91xIxnSQFxNTMQPinLOEw 6U/Be9Rovf7dPM4NPXuE2GQgCOCxoL9IzuSXxZxMh/x1ohyZzlQffe3mz1ObnBmE 6adob+9fRJQcjtRddteMfNGZBkB0oPRa9SYZzkjcnhZBL0/P53luxapXduNqz9UR R4ze9xGGORIleGbCFKTnTkKIVHjdaWtPY7SW+EOLgLfx98PQRK/OedA+Dpo29gUk xiXrzm1VHBAzrGlZjSE8uYCJuvXOPKkXM6YuZVXQLD9gVF+x8nwJOAdCU481Mbn4 dyr533ZDTF+b44otOm3Umz1dMxCEXNCCiOldBjhoZ2yk/GDqU2Ico2pEuJsGeOd6 IBXurJ5tCPHbNp7RxGJoN2bPinl3AFrlGwv4sdbA1zdIb3bdKHULPCVpPS+WCT3z xZ6obLgkIhGaf5aiPnx/XhK+vXBpPoSzQckseTFDyGnmkuF+6cE= =DbtF -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
