-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Ravi,
On 1/16/19 05:21, Ravi Kumar wrote: > Hi Chris & Mark, > > This is what I am doing in my web.xml file:- > > <filter> <filter-name>NoEtagFilter</filter-name> > <filter-class>com.tibco.administrator.TestETagFilter</filter-class> > > </filter> > > <filter-mapping> <filter-name>NoEtagFilter</filter-name> > <servlet-name>default</servlet-name>> > <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> > </filter-mapping> > > I don't have any code snippet in place in my Servlet Filter . What do you mean, you "don't have any code snippet in place in [your] servlet filter"? What does the code for TestETagFilter look like? > Could you please suggest me further to disable this ETag header ? That depends upon what you have already done. > Query no. 2:- Is there any way to set > > *Header unset EtagFileETag none* What you have above should accomplish it. If it is not working, then something is wrong with your code or your configuration. > in which of the Tomcat configuration file ? I am using Tomcat > 7.0.92. The Tomcat version should not matter too much, but thanks for providing it. - -chris > On Wed, Jan 16, 2019 at 2:18 AM Christopher Schultz < > ch...@christopherschultz.net> wrote: > > Ravi, > > On 1/15/19 09:41, Ravi Kumar wrote: >>>> Please find my web.xml configuration file attached. > > I don't see anything configured that looks like it might be an > "ignoreETagFilter". Did you configure it somewhere else? > > -chris > >>>> On Tue, Jan 15, 2019 at 7:44 PM Christopher Schultz >>>> <ch...@christopherschultz.net >>>> <mailto:ch...@christopherschultz.net>> wrote: >>>> >>>> Mark, >>>> >>>> On 1/15/19 06:12, Mark Thomas wrote: >>>>> On 15/01/2019 10:43, Ravi Kumar wrote: >>>>>> Hi All, >>>>>> >>>>>> I am facing an issue. It is kind of Security issue as >>>>>> Tomcat's ETag header in Response header can reveal vital >>>>>> info. >>>> >>>>> What vital info? The ETag is constructed from the content >>>>> length and the last modified date. >>>> >>>>>> We want to disable / turnoff this ETag header of Tomcat >>>>>> webserver. Referred this link :- >>>>>> https://serverfault.com/questions/232763/how-to-disable-etag-head ers > >>>>>> - - >>>> >>>>>> > in-tomcat >>>> <https://serverfault.com/questions/232763/how-to-disable-etag-heade rs- > >>>> in-tomcat > <https://serverfault.com/questions/232763/how-to-disable-etag-headers- in-tomcat> >>>> >>>>>> >>>>>> >>>> >>>> > > but couldn't get success to disable this ETag. >>>>>> >>>>>> Appreciate your help ! >>>> >>>>> The approached described in that link won't work if the >>>>> response is sufficiently large that the response has >>>>> already been committed. You'd need to wrap the response, >>>>> override setHeader(String, String) and NO-OP and calls that >>>>> try to set the "ETag" header. >>>> >>>> That's what Tim's SO answer suggests. >>>> >>>> Ravi, I suspect that you haven't mapped the filter to your >>>> servlet correctly. Can you post your configuration for your >>>> <filter>, <filter-mapping>, and the URL you are trying to >>>> request? >>>> >>>> -chris >>>> >>>> ------------------------------------------------------------------- - -- >>>> >>>> > >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>> <mailto:users-unsubscr...@tomcat.apache.org> For additional >>>> commands, e-mail: users-h...@tomcat.apache.org >>>> <mailto:users-h...@tomcat.apache.org> >>>> >>>> >>>> >>>> ------------------------------------------------------------------- - -- >>>> >>>> > >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>> For additional commands, e-mail: >>>> users-h...@tomcat.apache.org >>>> >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlxAvxEACgkQHPApP6U8 pFh4mw//R91Fbr1R4LjnM1+JykuOWnLRznLro+m6I3BwAcnLeoHME1bT5POdpiCZ vTHEgfWz1KChKGzjIvCzHpON+pttuKiit0vlOb/9Zv+WN1EF+qb+bsRrqG1IFek2 p7LN28fsEJ4Nk2xmFv8B827QD8qop3VCSJ3hiT5J1LJNQNtTH6nfFvIc7eXFZ5WU 2GGHFcu/rNr7xnro61ccpbE296Fwzh5V71ANLxZY+XWl/6EC8QOcIs3dVzASu0c0 ZIsP9QzTLUGa+JgNhxeDvN6RICi50zDLo8w0C3+9zX4vcsWQBepsIKRR8RZOIsnT 4TUbWNGEQKOaIAmX8/wArfQn9jQOapBCkx2rGvJs+JX3ExsM6cqkmlGOs/GytcaN 0dtduXCwUEi6waPnW2R9CFqORoXdxpF5oovgffIqd3I4+1sNn2A5/hgND2hThcJN LRjoVO1E1Sk/EhojJ22CTvwtzaiNM8+MMi0C5GoFBcsATdyj2Qethx1jHeb4cbtW 1GKMK6C7Sh00bTIE+6JjVIOYflVO/aG2KiLpIeElut+TJUw2atLBC24UPuVgvPhZ C0FrKUUFhfNa2rn+QkH0n6VjQzh4tLpivYACegN0wBAQq6kRYPtzTx+ccEQhFFlV Kx/glkpl5Vj4nXNXpF74Uj4JAMMVMFmVz25EWqtAZqetMDr8MLE= =M2Ig -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
