On 15/01/2019 14:14, Christopher Schultz wrote: > Mark, > > On 1/15/19 06:12, Mark Thomas wrote: >> On 15/01/2019 10:43, Ravi Kumar wrote: >>> Hi All, >>> >>> I am facing an issue. It is kind of Security issue as Tomcat's >>> ETag header in Response header can reveal vital info. > >> What vital info? The ETag is constructed from the content length >> and the last modified date. > >>> We want to disable / turnoff this ETag header of Tomcat >>> webserver. Referred this link :- >>> https://serverfault.com/questions/232763/how-to-disable-etag-headers- > in-tomcat >>> >>> > but couldn't get success to disable this ETag. >>> >>> Appreciate your help ! > >> The approached described in that link won't work if the response >> is sufficiently large that the response has already been committed. >> You'd need to wrap the response, override setHeader(String, String) >> and NO-OP and calls that try to set the "ETag" header. > > That's what Tim's SO answer suggests.
Apologies. Too much context switching. I need to pay more attention. Mark > Ravi, I suspect that you haven't mapped the filter to your servlet > correctly. Can you post your configuration for your <filter>, > <filter-mapping>, and the URL you are trying to request? > > -chris > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
