-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Ravi,
On 1/15/19 09:41, Ravi Kumar wrote: > Please find my web.xml configuration file attached. I don't see anything configured that looks like it might be an "ignoreETagFilter". Did you configure it somewhere else? - -chris > On Tue, Jan 15, 2019 at 7:44 PM Christopher Schultz > <ch...@christopherschultz.net > <mailto:ch...@christopherschultz.net>> wrote: > > Mark, > > On 1/15/19 06:12, Mark Thomas wrote: >> On 15/01/2019 10:43, Ravi Kumar wrote: >>> Hi All, >>> >>> I am facing an issue. It is kind of Security issue as Tomcat's >>> ETag header in Response header can reveal vital info. > >> What vital info? The ETag is constructed from the content length >> and the last modified date. > >>> We want to disable / turnoff this ETag header of Tomcat >>> webserver. Referred this link :- >>> https://serverfault.com/questions/232763/how-to-disable-etag-headers - - > >>> in-tomcat > <https://serverfault.com/questions/232763/how-to-disable-etag-headers- in-tomcat> >>> >>> > > but couldn't get success to disable this ETag. >>> >>> Appreciate your help ! > >> The approached described in that link won't work if the response >> is sufficiently large that the response has already been >> committed. You'd need to wrap the response, override >> setHeader(String, String) and NO-OP and calls that try to set the >> "ETag" header. > > That's what Tim's SO answer suggests. > > Ravi, I suspect that you haven't mapped the filter to your servlet > correctly. Can you post your configuration for your <filter>, > <filter-mapping>, and the URL you are trying to request? > > -chris > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > <mailto:users-unsubscr...@tomcat.apache.org> For additional > commands, e-mail: users-h...@tomcat.apache.org > <mailto:users-h...@tomcat.apache.org> > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlw+RyYACgkQHPApP6U8 pFjJrw//Sb1Y/Y6HXu5UQJLxtcacZgHI9jbXHcJFLVJmd//WmqQlmiGpWQ69NlgI /d8R2DU934DDWAihRhKAl054VNILvYG52yhyUHBYmAdB6z1Y/xAmSdIgM3YCS5e+ NAaZXexrZKllWe9KUII00iaMfp+fP/kEH3v0nY7qrdKg3LELaM/wjgLtdrXcvjFP 4VQOeSRt6AnXOfUiyOTRXOwhe9S28vM3lZwv98da4+iwor8X2HJgIXwIScnu/Nxc 6EMrNMwgR2htsR92a31vDf2R111BaajrLgIBN7jzdEQlcFxwU4/SrS50Ha4NWEYB C39t8Bvymrdmqn9+WXm4ht9JX8872BqXH8G0zhMxqufRYZ+zWru7FKSxWI0d2QJ/ QdUUH11GgEfueYM+sGUQRbQ6hlWAILPCTqAz7ClrNRzdJAbxpTmwOzuyGyTzQ4Ew cvSQCNxWkF9Cu1R+lPyEf3A7SIJmrEBeoD6RNKrn+kxOcgDuHCYqL3/7CjHiV6UX upI3D7bqYAhR5hpa+7G6YoaFx2MeotYoUVwKy2L7B+kiUVN/8vJwVNEOhHziDDw/ JOg07wifi31GnJ1L+i/4aCNCx9uCxT+IHz+5ZfHE7rheaJY/Q2BAYtzpzf36J/QS nOiM7Mz6CH7FdXOjSVlWHcLwBR2dJISh9O7esYHW5h5FaFKtdHo= =4WKz -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
