Hi Chris,

Please find my web.xml configuration file attached.

Thank you!

On Tue, Jan 15, 2019 at 7:44 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Mark,
>
> On 1/15/19 06:12, Mark Thomas wrote:
> > On 15/01/2019 10:43, Ravi Kumar wrote:
> >> Hi All,
> >>
> >> I am facing an issue. It is kind of Security issue as Tomcat's
> >> ETag header in Response header can reveal vital info.
> >
> > What vital info? The ETag is constructed from the content length
> > and the last modified date.
> >
> >> We want to disable / turnoff this ETag header of Tomcat
> >> webserver. Referred this link :-
> >> https://serverfault.com/questions/232763/how-to-disable-etag-headers-in-tomcat
> >> but couldn't get success to disable this ETag.
> >>
> >> Appreciate your help !
> >
> > The approach described in that link won't work if the response
> > is sufficiently large that the response has already been committed.
> > You'd need to wrap the response, override setHeader(String, String)
> > and NO-OP any calls that try to set the "ETag" header.
>
> That's what Tim's SO answer suggests.
>
> Ravi, I suspect that you haven't mapped the filter to your servlet
> correctly. Can you post your configuration for your <filter>,
> <filter-mapping>, and the URL you are trying to request?
>
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
<!DOCTYPE web-app 
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" 
    "http://java.sun.com/dtd/web-app_2_3.dtd">


<web-app>

    <servlet>
        <servlet-name>com.sales.administrator.AdministratorServlet</servlet-name>
        <servlet-class>com.sales.uac.ui.PLEASE_USE_sales_administrator</servlet-class>      
    </servlet>

    <servlet>
        <servlet-name>repo</servlet-name>
        <servlet-class>com.sales.repo.RemoteRepoServlet</servlet-class>
        <load-on-startup>1</load-on-startup>        
    </servlet>

    <filter>
        <filter-name>salesadmin_filter</filter-name>
        <filter-class>com.sales.administrator.AdministratorServletFilter</filter-class>
    </filter>
    
    <filter>
        <filter-name>salesadmin_XSSfilter</filter-name>
        <filter-class>com.sales.administrator.AdministratorServletXSSFilter</filter-class>
    </filter>

    <filter-mapping>
          <filter-name>salesadmin_filter</filter-name>
          <url-pattern>/servlet/*</url-pattern>
    </filter-mapping>
    
    <filter-mapping>
          <filter-name>salesadmin_XSSfilter</filter-name>
          <url-pattern>/servlet/*</url-pattern>
    </filter-mapping>
    
    <servlet>
        <servlet-name>sales_administrator</servlet-name>
        <servlet-class>com.sales.administrator.AdministratorServlet</servlet-class>
        <load-on-startup>2</load-on-startup>        
    </servlet>

    <servlet-mapping>
        <servlet-name>repo</servlet-name>
        <url-pattern>/repo/*</url-pattern>
    </servlet-mapping>
       
    <servlet-mapping>
        <servlet-name>sales_administrator</servlet-name>
        <url-pattern>/servlet/sales_administrator</url-pattern>
    </servlet-mapping>
</web-app>