Hello all,
I would like to systematically hide a request header to web applications
hosted by Tomcat.
- If Apache HTTPD is used in front of Tomcat, you can use the
RequestHeader directive [0]:
    RequestHeader unset Some-Header-Name
- If NGINX is used in front of Tomcat, you can use the proxy_set_header
directive [1]:
    proxy_set_header Some-Header-Name "";
- Is there any way to apply a similar configuration (no development [2])
to Apache Tomcat when there is no front server?
I could not find any built-in valve/filter that would allow such
filtering. I don't think there is any, but I wanted to make sure I had
not missed something.
Olivier
[0] https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader
[1] http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header
[2] I know it is possible to develop a quite simple custom ServletFilter
to wrap the request with a custom HttpServletRequest wrapper, but I'm
looking for a zero development possibility. For those of you reading
this discussion later and looking for a development solution, you can
find inspiration in the following GitHub repo that you can adapt to
handle removal: https://github.com/lonelyplanet/tomcat-request-header-filter
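
The filter-plus-wrapper approach described in footnote [2], as an added example that is not part of the original post and not taken from the linked repository. The class name HideRequestHeaderFilter and the init-param headerName are hypothetical; the jakarta.servlet namespace assumes Tomcat 10 or later (use javax.servlet on Tomcat 9 and earlier).

```java
import jakarta.servlet.*;
import jakarta.servlet.http.*;
import java.io.IOException;
import java.util.*;

// Hypothetical filter: class name, default header and init-param are assumptions.
public class HideRequestHeaderFilter implements Filter {
    private String hidden = "Some-Header-Name";

    @Override
    public void init(FilterConfig cfg) {
        String name = cfg.getInitParameter("headerName"); // hypothetical init-param
        if (name != null && !name.trim().isEmpty()) hidden = name.trim();
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            req = new HttpServletRequestWrapper((HttpServletRequest) req) {
                // Header field names are case-insensitive, so compare accordingly.
                private boolean isHidden(String n) { return hidden.equalsIgnoreCase(n); }

                @Override public String getHeader(String n) {
                    return isHidden(n) ? null : super.getHeader(n);
                }
                @Override public Enumeration<String> getHeaders(String n) {
                    return isHidden(n) ? Collections.emptyEnumeration() : super.getHeaders(n);
                }
                @Override public Enumeration<String> getHeaderNames() {
                    Enumeration<String> all = super.getHeaderNames();
                    if (all == null) return null; // container may deny access to names
                    List<String> names = Collections.list(all);
                    names.removeIf(this::isHidden);
                    return Collections.enumeration(names);
                }
                // The typed accessors delegate to the wrapped request rather than to
                // getHeader() above, so they must be overridden as well.
                @Override public int getIntHeader(String n) {
                    return isHidden(n) ? -1 : super.getIntHeader(n);
                }
                @Override public long getDateHeader(String n) {
                    return isHidden(n) ? -1L : super.getDateHeader(n);
                }
            };
        }
        chain.doFilter(req, res);
    }
}
```

The wrapper only hides the header from code that runs after the filter in the chain; Tomcat valves (for example the access log valve) run before any filter and still see the original value. The filter must be mapped first in the chain for the URL patterns concerned, otherwise earlier filters also read the unfiltered request.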