hgomez 01/08/31 02:45:50
Modified: src/etc server.xml
src/share/org/apache/tomcat/modules/server Http10.java
Http10Interceptor.java
Log:
Add Server header in http 1.0 connector.
For security purpose, use reportedname attribute
to select name to be reported back to browser.
An empty string will make no Server header sent
Revision Changes Path
1.88 +5 -1 jakarta-tomcat/src/etc/server.xml
Index: server.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/etc/server.xml,v
retrieving revision 1.87
retrieving revision 1.88
diff -u -r1.87 -r1.88
--- server.xml 2001/08/23 14:42:46 1.87
+++ server.xml 2001/08/31 09:45:50 1.88
@@ -168,7 +168,11 @@
<!-- new http adapter. Attributes:
secure - use SSL ( https )
keystore, keypass - certs for SSL
- port -->
+ port
+ reportedname - Server name to send back to browser
+ by default report Tomcat Web Server ...
+ set an empty string to avoid sending server header
+ -->
<Http10Connector port="8080"
secure="false"
maxThreads="100"
1.13 +0 -20
jakarta-tomcat/src/share/org/apache/tomcat/modules/server/Http10.java
Index: Http10.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/server/Http10.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- Http10.java 2001/06/28 06:48:50 1.12
+++ Http10.java 2001/08/31 09:45:50 1.13
@@ -430,26 +430,6 @@
printHead("\r\n");
}
-
- public void setHttpHeaders(Request req, MimeHeaders headers) {
- // Hack: set Date header.
- // This method is overriden by ajp11, ajp12 - so date will not be set
- // for any of those ( instead the server will generate the date )
- // This avoids redundant setting of date ( very expensive ).
- // XXX XXX Check if IIS, NES do generate the date
- if( false ) {
- headers.setValue( "Date" ).setTime( System.currentTimeMillis());
- }
-
- // Servlet Engine header will be set per/adapter - smarter adapters will
- // not send it every time ( have it in C side ), and we may also want
- // to add informations about the adapter used
- if( req.getContext() != null)
- headers.setValue("Servlet-Engine").setString(
- req.getContext().getEngineHeader());
- }
-
-
public void doWrite( byte buffer[], int pos, int count)
throws IOException
{
1.21 +22 -1
jakarta-tomcat/src/share/org/apache/tomcat/modules/server/Http10Interceptor.java
Index: Http10Interceptor.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/server/Http10Interceptor.java,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- Http10Interceptor.java 2001/08/24 08:02:35 1.20
+++ Http10Interceptor.java 2001/08/31 09:45:50 1.21
@@ -90,11 +90,14 @@
* - keystore - certificates - default to ~/.keystore
* - keypass - password
* - clientauth - true if the server should authenticate the client using certs
+ * Properties for HTTP:
+ * - reportedname - name of server sent back to browser (security purposes)
*/
public class Http10Interceptor extends PoolTcpConnector
implements TcpConnectionHandler
{
private int timeout = 300000; // 5 minutes as in Apache HTTPD server
+ private String reportedname;
public Http10Interceptor() {
super();
@@ -112,7 +115,9 @@
public void setTimeout( int timeouts ) {
timeout = timeouts * 1000;
}
-
+ public void setReportedname( String reportedName) {
+ reportedname = reportedName;
+ }
// -------------------- Handler implementation --------------------
public void setServer( Object o ) {
this.cm=(ContextManager)o;
@@ -122,6 +127,8 @@
Object thData[]=new Object[3];
HttpRequest reqA=new HttpRequest();
HttpResponse resA=new HttpResponse();
+ if (reportedname != null)
+ resA.setReported(reportedname);
cm.initRequest( reqA, resA );
thData[0]=reqA;
thData[1]=resA;
@@ -151,6 +158,7 @@
cm.service( reqA, resA );
+ // XXX didn't honor HTTP/1.0 KeepAlive, should be fixed
TcpConnection.shutdownInput( socket );
}
catch(java.net.SocketException e) {
@@ -184,6 +192,7 @@
}
finally {
// recycle kernel sockets ASAP
+ // XXX didn't honor HTTP/1.0 KeepAlive, should be fixed
try { if (socket != null) socket.close (); }
catch (IOException e) { /* ignore */ }
}
@@ -323,6 +332,7 @@
class HttpResponse extends Response {
Http10 http;
+ String reportedname;
public HttpResponse() {
super();
@@ -336,6 +346,10 @@
super.recycle();
}
+ public void setReported(String reported) {
+ reportedname = reported;
+ }
+
public void endHeaders() throws IOException {
super.endHeaders();
if(request.protocol().isNull() ||
@@ -350,6 +364,13 @@
// no date header set by user
getMimeHeaders().setValue( "Date" ).setTime( System.currentTimeMillis());
}
+
+ // return server name (or the reported one)
+ if (reportedname == null)
+ getMimeHeaders().setValue( "Server"
).setString(request.getContext().getEngineHeader());
+ else
+ if (reportedname.length() != 0)
+ getMimeHeaders().setValue( "Server" ).setString(reportedname);
http.sendHeaders( getMimeHeaders() );
}
