On 02/12/2011 18:12, jmpaul012 wrote: > > Sorry I didn't mean to ask the questions as though this forum is my private > consulting firm. I have done everything I could before I posted on this > forum. I have searched google, experts exchange, asked coworkers, and asked > my previous Tomcat professor. I will use your suggestions and I hope I can > figure this out. Thanks!
There are Tomcat professors? p > Christopher Schultz-2 wrote: >> > To whom it may concern, > > On 12/2/11 12:10 PM, jmpaul012 wrote: >>>>> So I am doing Tomcat STIGS and I am stuck on two of the STIGs. >>>>> >>>>> 1. How do I change what tomcat logs? I think it's something I >>>>> need to do in server.xml but I'm not sure. > > What have you tried so far? This is a community mailing list, not a > consulting agency. We're here to help, not to do things for you. > >>>>> This is what I need to log: >>>>> >>>>> • Date, Time • IP address of the host that initiated the request >>>>> • User ID supplied for HTTP authentication • HTTP Method • URL in >>>>> the request • The protocol and protocol version used to make the >>>>> request • Source and destination port numbers • Status codes for >>>>> the response • Size of the response in bytes • HTTP Status and >>>>> Referrer for the following events: > > That sounds a lot like an HTTP access log. Have you looked through the > "logging" documentation for your version of Tomcat for how to do > access logging? > >>>>> - Successful and unsuccessful attempts to access the web server >>>>> software. > > Depends upon your definition of "successful", "attempt", and "access". > >>>>> - Successful and unsuccessful attempts to access the web site. > > Ditto. > >>>>> - Successful and unsuccessful attempts to access the web >>>>> application. > > Ditto. > >>>>> 2. How do I view/change the HTTP header information of an >>>>> intranet site that is using Tomcat? I have to make sure the HTTP >>>>> header does not show information about the web server which would >>>>> include, web server product, version, or host operating system > > Generally speaking, it's nice to post different questions in separate > threads. It's not a huge deal, but it makes following a conversation > easier for others. > > Anyhow, you are looking for changing the "Server" response header, > right? That's in the documentation as well, but it might not be the > easiest thing to find. See below. > > Since you are looking at securing Tomcat, you might want to have a > look at the "Security Considerations" section of the Tomcat User Guide: > http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html > > (Make sure you use the right version -- I chose TC 7 because you never > told us what you were running). > > Hope that helps, > -chris >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >> > -- [key:62590808]
signature.asc
Description: OpenPGP digital signature
