Hi Chris & Mark,
This is what I am doing in my web.xml file:-
<filter>
<filter-name>NoEtagFilter</filter-name>
<filter-class>com.tibco.administrator.TestETagFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>NoEtagFilter</filter-name>
<servlet-name>default</servlet-name>>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
I don't have any code snippet in place in my Servlet Filter .
Could you please suggest me further to disable this ETag header ?
Query no. 2:- Is there any way to set
*Header unset EtagFileETag none*
in which of the Tomcat configuration file ? I am using Tomcat 7.0.92.
Please suggest .
Thanks,
Ravi
On Wed, Jan 16, 2019 at 2:18 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Ravi,
>
> On 1/15/19 09:41, Ravi Kumar wrote:
> > Please find my web.xml configuration file attached.
>
> I don't see anything configured that looks like it might be an
> "ignoreETagFilter". Did you configure it somewhere else?
>
> - -chris
>
> > On Tue, Jan 15, 2019 at 7:44 PM Christopher Schultz
> > <ch...@christopherschultz.net
> > <mailto:ch...@christopherschultz.net>> wrote:
> >
> > Mark,
> >
> > On 1/15/19 06:12, Mark Thomas wrote:
> >> On 15/01/2019 10:43, Ravi Kumar wrote:
> >>> Hi All,
> >>>
> >>> I am facing an issue. It is kind of Security issue as Tomcat's
> >>> ETag header in Response header can reveal vital info.
> >
> >> What vital info? The ETag is constructed from the content length
> >> and the last modified date.
> >
> >>> We want to disable / turnoff this ETag header of Tomcat
> >>> webserver. Referred this link :-
> >>> https://serverfault.com/questions/232763/how-to-disable-etag-headers
> - -
> >
> >>>
> in-tomcat
> > <https://serverfault.com/questions/232763/how-to-disable-etag-headers-
> in-tomcat
> <https://serverfault.com/questions/232763/how-to-disable-etag-headers-in-tomcat>
> >
> >>>
> >>>
> >
> >
> but couldn't get success to disable this ETag.
> >>>
> >>> Appreciate your help !
> >
> >> The approached described in that link won't work if the response
> >> is sufficiently large that the response has already been
> >> committed. You'd need to wrap the response, override
> >> setHeader(String, String) and NO-OP and calls that try to set the
> >> "ETag" header.
> >
> > That's what Tim's SO answer suggests.
> >
> > Ravi, I suspect that you haven't mapped the filter to your servlet
> > correctly. Can you post your configuration for your <filter>,
> > <filter-mapping>, and the URL you are trying to request?
> >
> > -chris
> >
> > ---------------------------------------------------------------------
> >
> >
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > <mailto:users-unsubscr...@tomcat.apache.org> For additional
> > commands, e-mail: users-h...@tomcat.apache.org
> > <mailto:users-h...@tomcat.apache.org>
> >
> >
> >
> > ---------------------------------------------------------------------
> >
> >
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> -----BEGIN PGP SIGNATURE-----
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlw+RyYACgkQHPApP6U8
> pFjJrw//Sb1Y/Y6HXu5UQJLxtcacZgHI9jbXHcJFLVJmd//WmqQlmiGpWQ69NlgI
> /d8R2DU934DDWAihRhKAl054VNILvYG52yhyUHBYmAdB6z1Y/xAmSdIgM3YCS5e+
> NAaZXexrZKllWe9KUII00iaMfp+fP/kEH3v0nY7qrdKg3LELaM/wjgLtdrXcvjFP
> 4VQOeSRt6AnXOfUiyOTRXOwhe9S28vM3lZwv98da4+iwor8X2HJgIXwIScnu/Nxc
> 6EMrNMwgR2htsR92a31vDf2R111BaajrLgIBN7jzdEQlcFxwU4/SrS50Ha4NWEYB
> C39t8Bvymrdmqn9+WXm4ht9JX8872BqXH8G0zhMxqufRYZ+zWru7FKSxWI0d2QJ/
> QdUUH11GgEfueYM+sGUQRbQ6hlWAILPCTqAz7ClrNRzdJAbxpTmwOzuyGyTzQ4Ew
> cvSQCNxWkF9Cu1R+lPyEf3A7SIJmrEBeoD6RNKrn+kxOcgDuHCYqL3/7CjHiV6UX
> upI3D7bqYAhR5hpa+7G6YoaFx2MeotYoUVwKy2L7B+kiUVN/8vJwVNEOhHziDDw/
> JOg07wifi31GnJ1L+i/4aCNCx9uCxT+IHz+5ZfHE7rheaJY/Q2BAYtzpzf36J/QS
> nOiM7Mz6CH7FdXOjSVlWHcLwBR2dJISh9O7esYHW5h5FaFKtdHo=
> =4WKz
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
