As what Christopher Schultz mentioned, "including switching package
names", i.e. from javax to jakarta.. when I did the webapp migration
to tomcat 10, I had to make all the libraries to reference jakarta
though, including taglib-mailer, jsp and so on.
hth
Jason
On Fri, May 27, 2022 at 8:53 AM R
Hi Mark,
Thanks again for the prompt response.
You wrote below: "If the original request only has a Host header, then
allowHostHeaderMismatch="false" isn't going to do anything because there is no
mismatch.". I am not clear on what this means. What should the match be
between? I thought t
>
> I suspect you should be able to upgrade your Tomcat from 7 to 10 in one
> shot, but you might want to go from 7->9 and wait a little on 10.
>
Yes, it is! but not in a production environment. I want to upgrade in only
one shot.
On Thu, May 26, 2022 at 8:32 PM Christopher Schultz <
ch...@christo
Rainer,
On 5/26/22 17:25, Rainer Jung wrote:
Hi Chris,
Am 26.05.2022 um 21:49 schrieb Christopher Schultz:
On 5/16/22 13:48, Christopher Schultz wrote:
I see the place in the code where the error is generated, but I'm not
familiar enough with the code to know how to add that kind of thing.
Rodrigo,
On 5/26/22 17:16, Rodrigo Cunha wrote:
i need upgrade my tomcat server from 7 to 10. I don't saw in internet
nothing about that. Commonly i upgraded in steps, 7 to 8, 8 to 9 and 9 to
10.
Are there a problem upgrade from 7 to 10?
I suspect you should be able to upgrade your Tomcat from
Hi Chris,
Am 26.05.2022 um 21:49 schrieb Christopher Schultz:
On 5/16/22 13:48, Christopher Schultz wrote:
I see the place in the code where the error is generated, but I'm not
familiar enough with the code to know how to add that kind of thing.
The function in question (ajp_process_callback
Hi,
i need upgrade my tomcat server from 7 to 10. I don't saw in internet
nothing about that. Commonly i upgraded in steps, 7 to 8, 8 to 9 and 9 to
10.
Are there a problem upgrade from 7 to 10?
--
Atenciosamente,
Rodrigo da Silva Cunha
São Gonçalo, RJ - Brasil
Pontus,
On 5/25/22 03:53, Pontus Ågren wrote:
There is monitoring of the service so that seems to be the cause. I
agree that logging it at TRACE level is a better idea. On INFO level
it just adds noice.
You might be "over monitoring" if you are seeing pairs of messages at
once... except for eve
Rainer,
On 5/26/22 16:46, Rainer Jung wrote:
Hi Chris,
Am 16.05.2022 um 19:48 schrieb Christopher Schultz:
I've been looking into this a little more in my production environment.
These errors are not super common, but there seems to be a steady
trickle of errors from my two services that hav
All,
On 5/26/22 15:49, Christopher Schultz wrote:
Rainer,
On 5/16/22 13:48, Christopher Schultz wrote:
Rainer,
I've been looking into this a little more in my production environment.
These errors are not super common, but there seems to be a steady
trickle of errors from my two services tha
Hi Chris,
Am 16.05.2022 um 19:48 schrieb Christopher Schultz:
I've been looking into this a little more in my production environment.
These errors are not super common, but there seems to be a steady
trickle of errors from my two services that have human users. I see 0
errors for my API-based
Rainer,
On 5/16/22 13:48, Christopher Schultz wrote:
Rainer,
I've been looking into this a little more in my production environment.
These errors are not super common, but there seems to be a steady
trickle of errors from my two services that have human users. I see 0
errors for my API-based
On 26/05/2022 14:29, Ralph Atallah wrote:
Hi Mark,
What we are trying to do is to prevent Host header attacks by ensuring that the host name
in the http request URL always matches the "Host" header in the request. If it
does not, we are supposed refuse the request and respond with 400 Bad Req
On Thu, May 26, 2022 at 11:37 AM Konstantin Kolinko
wrote:
> чт, 26 мая 2022 г. в 18:19, Robert Hicks :
> >
> > We would like to start logging the response location in Tomcat. I am not
> > sure where to look something like that up.
>
> You are not mentioning the version number, but from other thr
чт, 26 мая 2022 г. в 18:19, Robert Hicks :
>
> We would like to start logging the response location in Tomcat. I am not
> sure where to look something like that up.
You are not mentioning the version number, but from other threads I
assume that it is 9.0.x.
Here:
https://tomcat.apache.org/tomcat-
We would like to start logging the response location in Tomcat. I am not
sure where to look something like that up.
Thanks,
Bob
Hi Mark,
What we are trying to do is to prevent Host header attacks by ensuring that the
host name in the http request URL always matches the "Host" header in the
request. If it does not, we are supposed refuse the request and respond with
400 Bad Request as per OWASP recommendations. Here a
On 25/05/2022 16:21, Amit Pande wrote:
Hello Mark,
Could we slightly update the description - to say that this size is total size
(in bytes)of all the request (and response) headers combined (including the
header name and values)?
In the past, I incorrectly assumed that this size limit applies
On 26/05/2022 02:20, Ralph Atallah wrote:
Hi,
We use Tomcat 7.0.109 and Tomcat 8.5 in our Tomcat based webapp deployments and
we have a new requirement to prevent Host Header injection. The
allowHostHeaderMismatch option seems the perfect answer to this issue.
However, configuring it in our
19 matches
Mail list logo
