Joey,
Thank you very much for the additional information. You may have just pointed out why my custom pages did not work. Thanks, Jerome A. Wendell From: Joey Cochran <[email protected]> Sent: Wednesday, October 22, 2025 11:13 AM To: 'Tomcat Users List' <[email protected]> Subject: Re: [EXTERNAL] RE: Tomcat Version Number on Error Pages Make sure the ErrorReportValve is last in the <Host> ... </Host> tags. Also, if you do custom pages, the Valve has "required "attributes for that as well. Thanks! -Joey Joey Cochran Systems Administrator II Middleware Developer Information Technology Division Middle Tennessee State University 615-898-2714 www.mtsu.edu <http://www.mtsu.edu> _____ From: Jerome A. Wendell <[email protected] <mailto:[email protected]> > Sent: Wednesday, October 22, 2025 10:08 AM To: 'Tomcat Users List' <[email protected] <mailto:[email protected]> > Subject: [EXTERNAL] RE: Tomcat Version Number on Error Pages Markus, Thanks for your reply. I tried doing just as you suggested, and I could never get it to work. Thanks, Jerome A. Wendell -----Original Message----- From: [email protected] <mailto:[email protected]> <[email protected] <mailto:[email protected]> > Sent: Wednesday, October 22, 2025 11:04 AM To: [email protected] <mailto:[email protected]> Subject: Re: Tomcat Version Number on Error Pages Maybe in addition: define in web.xml custom error pages: <!-- Custom error page for errors --> <error-page> <error-code>400</error-code> <location>/error400.html</location> </error-page> <error-page> <error-code>401</error-code> <location>/error401.html</location> </error-page> <error-page> <error-code>403</error-code> <location>/error403.html</location> </error-page> <error-page> <error-code>404</error-code> <location>/error404.html</location> </error-page> <error-page> <error-code>405</error-code> <location>/error405.html</location> </error-page> <error-page> <error-code>500</error-code> <location>/error500.html</location> </error-page> Make sure to create the appropriate files. Best regards Markus Am 22.10.25 um 16:54 schrieb Jerome A. Wendell: > Noelette, > > Thank you very much for your quick reply and the information. I really > appreciate it. I will give this a try. > > Thanks, > > Jerome A. Wendell > > > -----Original Message----- > From: Noelette Stout<[email protected] <mailto:[email protected]> > > Sent: Wednesday, October 22, 2025 10:48 AM > To: Tomcat Users List<[email protected] > <mailto:[email protected]> > > Subject: Re: Tomcat Version Number on Error Pages > > You can add this valve to your server.xml to keep it from showing the version > info. > > <Valve className="org.apache.catalina.valves.ErrorReportValve" > showReport="false" showServerInfo="false" /> > > Noelette > > On Wed, Oct 22, 2025 at 8:44 AM Jerome A. > Wendell<[email protected] <mailto:[email protected]> > > wrote: > >> We use Tomcat on a website that requires subscriptions, so payments >> are made on the website. With the new PCI Compliance regulations and >> scans, it appears that the version of Tomcat used being displayed on >> the error pages is a vulnerability. I have tried creating custom >> error pages based on information found from searching the web on this >> issue, but the solutions that I have tried do not work. Is there a >> way to prevent the Tomcat version number from being displayed on the >> error pages? >> >> >> >> Thanks, >> >> >> >> Jerome A. Wendell >> >> >> >> > -- > Noelette Stout > Enterprise Access Manager > Senior Application Administrator > Idaho State University > E-mail: stounoel "at" isu "dot" edu > Desk: 208-282-2554 > *I am sending this message now because it suits me, but I don’t expect > that you will read, respond to, or act on it outside of comfortable > hours for your time zone.* > > > --------------------------------------------------------------------- > To unsubscribe, e-mail:[email protected] > For additional commands, e-mail:[email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] <mailto:[email protected]> For additional commands, e-mail: [email protected] <mailto:[email protected]>
