Mark,

On 1/15/19 06:12, Mark Thomas wrote:
> On 15/01/2019 10:43, Ravi Kumar wrote:
>> Hi All,
>>
>> I am facing an issue. It is kind of a Security issue as Tomcat's
>> ETag header in Response header can reveal vital info.
>
> What vital info? The ETag is constructed from the content length
> and the last modified date.
>
>> We want to disable / turn off this ETag header of Tomcat
>> webserver. Referred this link :-
>> https://serverfault.com/questions/232763/how-to-disable-etag-headers-in-tomcat
>>
>> but couldn't get success to disable this ETag.
>>
>> Appreciate your help!
>
> The approach described in that link won't work if the response
> is sufficiently large that the response has already been committed.
> You'd need to wrap the response, override setHeader(String, String)
> and NO-OP any calls that try to set the "ETag" header.

That's what Tim's SO answer suggests.

Ravi, I suspect that you haven't mapped the filter to your servlet
correctly. Can you post your configuration for your <filter>,
<filter-mapping>, and the URL you are trying to request?

-chris