Hi All,
The CFP for Community Over Code Asia, including the Web server and
Tomcat track, is closing very soon - at 4:00 PM on 22 Apr 2024
Beijing time.
Details: https://sessionize.com/communityovercode-asia-2024
Please do not wait until the last minute. We hope to see you in Hangzhou!
--
Best
On Thu, Apr 18, 2024 at 9:40 AM Adwait Kumar Singh wrote:
> > I'm not (yet) convinced distinguishing between those scenarios is always
> > going to be possible.
> I have a Tomcat patch which we use at work to do this, i.e always close the
> connection if HTTP parsing fails but not if it's a user
> On 18/04/2024 15:18, Stefan Ansing wrote:
> > Hi Rémy, Mark,
> > I just want to make sure that we’re understanding each other. I can see
> > that the connection needs to be closed in certain conditions to prevent
> > request smuggling attacks. I certainly don’t want to change that behaviour.
> >
>
> I'm not (yet) convinced distinguishing between those scenarios is always
> going to be possible.
I have a Tomcat patch which we use at work to do this, i.e always close the
connection if HTTP parsing fails but not if it's a user set status. I can
create a PR for feedback.
On Thu, Apr 18, 20
On 18/04/2024 15:18, Stefan Ansing wrote:
Hi Rémy, Mark,
I just want to make sure that we’re understanding each other. I can see
that the connection needs to be closed in certain conditions to prevent
request smuggling attacks. I certainly don’t want to change that behaviour.
However, I’m fac
On 18/04/2024 15:16, Adwait Kumar Singh wrote:
I think we should *always* close connections in cases where it can lead to
request smuggling vulnerabilities like when there is an error during header
or request line parsing, but allowing the user to control connection close
when the status is being
On 18/04/2024 14:41, Rémy Maucherat wrote:
On Thu, Apr 18, 2024 at 1:17 PM Mark Thomas wrote:
On 18/04/2024 09:07, Stefan Ansing wrote:
Hi,
We've observed some unexpected behaviour in Apache Tomcat (version 10.1.19)
where we see that HTTP/1.1 connections are closed whenever a servlet
applica
Op do 18 apr 2024 om 15:41 schreef Rémy Maucherat :
> On Thu, Apr 18, 2024 at 1:17 PM Mark Thomas wrote:
> >
> > On 18/04/2024 09:07, Stefan Ansing wrote:
> > > Hi,
> > >
> > > We've observed some unexpected behaviour in Apache Tomcat (version
> 10.1.19)
> > > where we see that HTTP/1.1 connectio
I think we should *always* close connections in cases where it can lead to
request smuggling vulnerabilities like when there is an error during header
or request line parsing, but allowing the user to control connection close
when the status is being set by the user, should be safe?
It allows user
Hello,
Can someone try to explain what this Catalina.log snippet is saying in regards
to clustering status?
It looks like to me, this machine successfully sent a session data state msg to
the other machine in the cluster, but 60 sec later the other machine did not
respond with with its session
On Thu, Apr 18, 2024 at 1:17 PM Mark Thomas wrote:
>
> On 18/04/2024 09:07, Stefan Ansing wrote:
> > Hi,
> >
> > We've observed some unexpected behaviour in Apache Tomcat (version 10.1.19)
> > where we see that HTTP/1.1 connections are closed whenever a servlet
> > application returns the followin
Hi Chris,
Thanks for message,
I am attaching server.xml and context.xml and rewrite.config files.
The paths are
/git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
/git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config
https://www.example.com:/example [R=301,L]
Ammu,
On 4/18/24 07:45, lavanya tech wrote:
I added classname rewrite valeus in contex.xml file .
created rewrite.config so both of them is located under conf under
apache-tomcat.
https://www.example.com:/example [R=301,L]
So according to the docu
Jon,
On 4/17/24 13:26, Mcalexander, Jon J. wrote:
Thank you. The documentation makes it somewhat confusing because it
starts out that a Valve can exist in Engine, Host, and Context
Containers, and then in the subsequent valve list is the
ErrorReportValve, but it doesn’t make it clear as to where
Hi Thomas,
Thanks for the fast response.
I added classname rewrite valeus in contex.xml file .
created rewrite.config so both of them is located under conf under
apache-tomcat.
https://www.example.com:/example [R=301,L]
So according to the documentaion
Hi Thomas,
Thanks for the fast response.
I added classname rewrite valeus in contex.xml file .
created rewrite.config so both of them is located under conf under
apache-tomcat.
So according to the documentaion they say context.xml should be placed
under webapps and rewrite.conf
On 18/04/2024 12:05, lavanya tech wrote:
Hi Team,
I am using "Tomcat 10.1" in our environment and I wanted to redirect url
from https://example.com to https://www.servercom: and for this i
modified the server.xml as below in tomcat config, and the below
configuration doesnot seems to work. D
On 18/04/2024 09:07, Stefan Ansing wrote:
Hi,
We've observed some unexpected behaviour in Apache Tomcat (version 10.1.19)
where we see that HTTP/1.1 connections are closed whenever a servlet
application returns the following status codes: 400, 408, 411, 414, 500,
503, 501. This causes client app
Hi Team,
I am using "Tomcat 10.1" in our environment and I wanted to redirect url
from https://example.com to https://www.servercom: and for this i
modified the server.xml as below in tomcat config, and the below
configuration doesnot seems to work. Does anyone has ideas. Please suggest.
The u
Hi,
We've observed some unexpected behaviour in Apache Tomcat (version 10.1.19)
where we see that HTTP/1.1 connections are closed whenever a servlet
application returns the following status codes: 400, 408, 411, 414, 500,
503, 501. This causes client applications to rapidly reconnect and induce
hi
20 matches
Mail list logo
