"cosmetic imperfection" and maybe ask also the
burpsuite-team if this finding is justified.
I wish all a nice weekend!
Thomas
> -Original Message-
> From: Roberto Benedetti
> Sent: Saturday, 16 September 2023 11:46
> To: Tomcat Users List
> Subject: R:
other
security options are left to Tomcat.
We had the same issue and that's how we passed the pen-test.
Roberto
-Original Message-
From: Peter Kreuser
Sent: Friday, 15 September 2023 21:34
To: Tomcat Users List
Subject: Re: HSTS on 401 / error pages
>> -Original Message-
>> From: Christopher Schultz
>> Sent: Friday, 15 September 2023 17:15
>> To: users@tomcat.apache.org
>> Subject: Re: AW: HSTS on 401 / error pages
>>
>> Thomas,
>>
>>> On 9/14/23 10:03, Thomas Hoffmann
Hello Christ,
> -Original Message-
> From: Christopher Schultz
> Sent: Friday, 15 September 2023 17:15
> To: users@tomcat.apache.org
> Subject: Re: AW: HSTS on 401 / error pages
>
> Thomas,
>
> On 9/14/23 10:03, Thomas Hoffmann (Speed4Trade G
Thomas,
On 9/14/23 10:03, Thomas Hoffmann (Speed4Trade GmbH) wrote:
Hello Chris,
-Original Message-
From: Christopher Schultz
Sent: Thursday, 14 September 2023 15:26
To: users@tomcat.apache.org
Subject: Re: HSTS on 401 / error pages
Thomas,
Please start a new thread
Hello Shawn,
> -Original Message-
> From: Shawn Heisey
> Sent: Friday, 15 September 2023 03:56
> To: Tomcat Users List
> Subject: Re: AW: HSTS on 401 / error pages
>
> On 9/14/23 08:03, Thomas Hoffmann (Speed4Trade GmbH) wrote:
> > Sorry, I thoug
On 9/14/23 08:03, Thomas Hoffmann (Speed4Trade GmbH) wrote:
Sorry, I thought removing all content and subject is sufficient. Maybe the
message-id header is used internally(?)
TL;DR: technical details about message threading. Not about Tomcat.
This is what happens when you reply to an existin
rade GmbH)
> :
>
> Hello Chris,
>
>> -Original Message-
>> From: Christopher Schultz
>> Sent: Thursday, 14 September 2023 15:26
>> To: users@tomcat.apache.org
>> Subject: Re: HSTS on 401 / error pages
>>
>> Thomas,
>>
Hello Chris,
> -Original Message-
> From: Christopher Schultz
> Sent: Thursday, 14 September 2023 15:26
> To: users@tomcat.apache.org
> Subject: Re: HSTS on 401 / error pages
>
> Thomas,
>
> Please start a new thread next time.
Sorry, I thoug
Thomas,
Please start a new thread next time.
On 9/14/23 02:20, Thomas Hoffmann (Speed4Trade GmbH) wrote:
Hello everyone,
I would like to get your opinion about the HttpHeaderSecurityFilter in Tomcat.
I configured HSTS in Tomcat and it works well.
When I do a pen-test with burpsuite it complain
Hello everyone,
I would like to get your opinion about the HttpHeaderSecurityFilter in Tomcat.
I configured HSTS in Tomcat and it works well.
When I do a pen-test with burpsuite it complains that HSTS header is missing on
401 responses.
I couldn’t find much information about whether HSTS makes se
Hi,
The problem I reached is quite specific. I've searched the Internet for any
hint but without success. So I would like to ask you for any pointers.
I have two tomcat servers "A" and "B":
A - tomcat 7.0.41 (local machine Linux Mint 15)
B - tomcat 7.0.42 (Ubuntu 12.04.2 on AWS EC2)
On 09/01/2010 23:16, cgswtsu78 wrote:
Hello,
I'm using the below httpd configuration in order to secure a resource
("/reportsvcs_ws") using basic auth. When I hit the url
https://host/reportsvcs_ws without authing, I'm prompted as expected but I
get a http status code of 401 when accessing the
happening?
Order allow,deny
Allow from all
AuthType Basic
AuthName "Report Service"
AuthUserFile filepath/usersfile
require valid-user
> From: Marcos [mailto:mmfo...@adinet.com.uy]
> Subject: 401 error
>
> Hi, I just installed tomcat6 on suse linux.
> When I go to http://localhost:8080 the tomcat screen appears, but when I
> click the "Tomcat Manager" menu option I get an http 401 error
Read the doc:
http://
Hi, I just installed tomcat6 on suse linux.
When I go to http://localhost:8080 the tomcat screen appears, but when I click
the "Tomcat Manager" menu option I get an http 401 error
Status HTTP 401 -
This request requires HTTP authentication ().
Apache Tomcat/6.0.18
Any hel
Christopher Schultz wrote:
Chuck,
On 4/24/2009 11:35 AM, Caldarale, Charles R wrote:
I'm not sure what you're trying to accomplish by defining an error
page for a 401 status; my understanding is that a 401 just triggers
the login dialog for the bro
Chuck,
On 4/24/2009 11:35 AM, Caldarale, Charles R wrote:
> I'm not sure what you're trying to accomplish by defining an error
> page for a 401 status; my understanding is that a 401 just triggers
> the login dialog for the browser - there's no HTML o
Jill,
On 4/24/2009 10:55 AM, Jill Han wrote:
> At this point, I just explored the options between basic and form-based
> authentication.
> No real webapp is build yet. The displayed name is just directory name, app1,
> under webapps.
I think it wou
> From: Jill Han [mailto:jill@alverno.edu]
> Subject: RE: customize HTTP Status 401 error page
There is at least one thing wrong with your web.xml:
> *
That's not a valid URL pattern; perhaps you meant "/*".
I'm not sure what you're trying to accomp
: Tomcat Users List
Subject: Re: customize HTTP Status 401 error page
Jill,
On 4/24/2009 9:04 AM, Jill Han wrote:
> The display-name is Faculty Resources. If I supply this name to the
> url, http://localhost:8080/Faculty Resources, it will ge
Jill,
On 4/24/2009 9:04 AM, Jill Han wrote:
> The display-name is Faculty Resources. If I supply this name to the
> url, http://localhost:8080/Faculty Resources, it will generate 404
> error.
I think you may be very confused about a lot of things. Th
: customize HTTP Status 401 error page
the url-pattern is usually the contextPath such as
http://host:port + ContextPath is compared to the
http://edocs.bea.com/wls/docs61/webapp/web_xml.html
what is the webapplication name?
what happens when you supply the
> From: Martin Gainty [mailto:mgai...@hotmail.com]
> Subject: RE: customize HTTP Status 401 error page
>
> what happens when you supply the webapplication name to
> and restart TC?
That would violate the servlet spec. The webapp name *never* appears in
web.xml, other
> Subject: RE: customize HTTP Status 401 er
credential window was prompted, but instead,
the error.html
However, if it is run on Linux, credential window was prompted, but, if
unsuccessful, or clicking "Cancel", 401 error message still show up.
was ignored.
Jill
-Original Message-
From: Christopher Schultz
Jill,
On 4/23/2009 1:20 PM, Jill Han wrote:
> I still need help.
> Here is the web.xml
> ...
>
> BASIC
> TESTING
>
>
>
> 401
> /error.html
>
> ...
> The error.html is replaced
I still need help.
Here is the web.xml
...
BASIC
TESTING
401
/error.html
...
The error.html has replaced the 401 error message; however, no authentication
window is prompted, and error.html is somehow loaded all the time.
Thanks,
Jill
-Original Message
The correct tag should be
401
/error401.jsp
Thanks,
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Thursday, April 23, 2009 10:18 AM
To: Tomcat Users List
Subject: Re: customize HTTP Status 401 error page
Would you give some instructions on doing that?
I tried to put /error.html in the application's own web.xml
and in Tomcat's conf/web.xml; they won't work. The HTTP Status 401 error page is
still used.
Thanks,
Jill
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschult
1. is there a way to customize "cancel" action? So there will be no error
> message prompted.
No.
> 2. Is there a way to customize tomcat HTTP Status 401 error message
> to a more user meaningful one?
Yes. See the section of web.xml that has entries.
- -chris
If using Basic authentication, an unsuccessful login, or just clicking the "Cancel"
button, will trigger the 401 page.
My question is
1. is there a way to customize "cancel" action? So there will be no error
message prompted.
2. Is there a way to customize tomcat HTTP Status 40
On Mon, 02 Mar 2009 08:11:18 +, Thufir wrote:
> On Mon, 02 Mar 2009 07:04:40 +, Thufir wrote:
>
>> On Mon, 02 Mar 2009 05:49:53 +, Thufir wrote:
>>
>>> I'm getting:
>>>
>>>
>>> HTTP Status 401 -
>>>
>>> type Status report
>>>
>>> message
>>>
>>> description This request requires
On Mon, 02 Mar 2009 07:04:40 +, Thufir wrote:
> On Mon, 02 Mar 2009 05:49:53 +, Thufir wrote:
>
>> I'm getting:
>>
>>
>> HTTP Status 401 -
>>
>> type Status report
>>
>> message
>>
>> description This request requires HTTP authentication ().
>>
>> http://localhost:8080/manager/html
On Mon, 02 Mar 2009 05:49:53 +, Thufir wrote:
> I'm getting:
>
>
> HTTP Status 401 -
>
> type Status report
>
> message
>
> description This request requires HTTP authentication ().
>
> http://localhost:8080/manager/html
>
>
> on tomcat6 for ubuntu 8.10 with sun java. Neither restarti
I'm getting:
HTTP Status 401 -
type Status report
message
description This request requires HTTP authentication ().
http://localhost:8080/manager/html
on tomcat6 for ubuntu 8.10 with sun java. Neither restarting tomcat nor
logging out gained access to the manager page, had to restart.
Is
See section 10.4.2 of http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
You have to understand that the page the user sees when he hits cancel has been
sent by Tomcat before the user hits cancel. This is the page which is
shown to the user to indicate to him that he requires authentication. If you want
to customiz
Hello,
Our webapp runs with Tomcat 5, Apache 2.0.46 from RHEL3, Tomcat 5.0.27
from JPackage, and communicate via mod_jk 1.2.6.
Here's the problem we face: our webapp sends notifications by email,
with a link to a JSP requiring a classical HTTP authentication dialog.
This same page is used for the