'Re: How to Disable / turn off the ETag header of Tomcat 7.0.92'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tomcat-user
Subject:    Re: How to Disable / turn off the ETag header of Tomcat 7.0.92
From:       Christopher Schultz <chris () christopherschultz ! net>
Date:       2019-01-17 17:44:49
Message-ID: fa78ef94-8c2c-364e-b4fe-9d0899ba4d24 () christopherschultz ! net
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Ravi,

On 1/16/19 05:21, Ravi Kumar wrote:
> Hi Chris  & Mark,
> 
> This is what I am doing in my web.xml file:-
> 
> <filter> <filter-name>NoEtagFilter</filter-name> 
> <filter-class>com.tibco.administrator.TestETagFilter</filter-class>
>
> 
</filter>
> 
> <filter-mapping> <filter-name>NoEtagFilter</filter-name> 
> <servlet-name>default</servlet-name>> 
> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> 
> </filter-mapping>
> 
> I don't have any code snippet in place in my Servlet Filter .

What do you mean, you "don't have any code snippet in place in [your]
servlet filter"? What does the code for TestETagFilter look like?

> Could you please suggest me further to disable this ETag header ?

That depends upon what you have already done.

> Query no. 2:-  Is there any way to set
> 
> *Header unset EtagFileETag none*

What you have above should accomplish it. If it is not working, then
something is wrong with your code or your configuration.

> in which of the Tomcat configuration file ? I am using Tomcat
> 7.0.92.

The Tomcat version should not matter too much, but thanks for
providing it.

- -chris

> On Wed, Jan 16, 2019 at 2:18 AM Christopher Schultz < 
> chris@christopherschultz.net> wrote:
> 
> Ravi,
> 
> On 1/15/19 09:41, Ravi Kumar wrote:
>>>> Please find my web.xml configuration file attached.
> 
> I don't see anything configured that looks like it might be an 
> "ignoreETagFilter". Did you configure it somewhere else?
> 
> -chris
> 
>>>> On Tue, Jan 15, 2019 at 7:44 PM Christopher Schultz 
>>>> <chris@christopherschultz.net 
>>>> <mailto:chris@christopherschultz.net>> wrote:
>>>> 
>>>> Mark,
>>>> 
>>>> On 1/15/19 06:12, Mark Thomas wrote:
>>>>> On 15/01/2019 10:43, Ravi Kumar wrote:
>>>>>> Hi All,
>>>>>> 
>>>>>> I am facing an issue. It is kind of Security issue as
>>>>>> Tomcat's ETag header in Response header can reveal vital
>>>>>> info.
>>>> 
>>>>> What vital info? The ETag is constructed from the content
>>>>> length and the last modified date.
>>>> 
>>>>>> We want to disable / turnoff this ETag header of Tomcat 
>>>>>> webserver. Referred this link :- 
>>>>>> https://serverfault.com/questions/232763/how-to-disable-etag-head
ers
>
>>>>>> 
- -
>>>> 
>>>>>> 
> in-tomcat
>>>> <https://serverfault.com/questions/232763/how-to-disable-etag-heade
rs-
>
>>>> 
in-tomcat
> <https://serverfault.com/questions/232763/how-to-disable-etag-headers-
in-tomcat>
>>>>
>>>>>>
>>>>>>
>>>>
>>>>
>
> 
but couldn't get success to disable this ETag.
>>>>>> 
>>>>>> Appreciate your help !
>>>> 
>>>>> The approached described in that link won't work if the
>>>>> response is sufficiently large that the response has
>>>>> already been committed. You'd need to wrap the response,
>>>>> override setHeader(String, String) and NO-OP and calls that
>>>>> try to set the "ETag" header.
>>>> 
>>>> That's what Tim's SO answer suggests.
>>>> 
>>>> Ravi, I suspect that you haven't mapped the filter to your
>>>> servlet correctly. Can you post your configuration for your
>>>> <filter>, <filter-mapping>, and the URL you are trying to
>>>> request?
>>>> 
>>>> -chris
>>>> 
>>>> -------------------------------------------------------------------
- --
>>>>
>>>>
>
>>>> 
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>> <mailto:users-unsubscribe@tomcat.apache.org> For additional 
>>>> commands, e-mail: users-help@tomcat.apache.org 
>>>> <mailto:users-help@tomcat.apache.org>
>>>> 
>>>> 
>>>> 
>>>> -------------------------------------------------------------------
- --
>>>>
>>>>
>
>>>> 
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>> For additional commands, e-mail:
>>>> users-help@tomcat.apache.org
>>>> 
>> 
>> ---------------------------------------------------------------------
>>
>> 
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>> 
>> 
> 
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlxAvxEACgkQHPApP6U8
pFh4mw//R91Fbr1R4LjnM1+JykuOWnLRznLro+m6I3BwAcnLeoHME1bT5POdpiCZ
vTHEgfWz1KChKGzjIvCzHpON+pttuKiit0vlOb/9Zv+WN1EF+qb+bsRrqG1IFek2
p7LN28fsEJ4Nk2xmFv8B827QD8qop3VCSJ3hiT5J1LJNQNtTH6nfFvIc7eXFZ5WU
2GGHFcu/rNr7xnro61ccpbE296Fwzh5V71ANLxZY+XWl/6EC8QOcIs3dVzASu0c0
ZIsP9QzTLUGa+JgNhxeDvN6RICi50zDLo8w0C3+9zX4vcsWQBepsIKRR8RZOIsnT
4TUbWNGEQKOaIAmX8/wArfQn9jQOapBCkx2rGvJs+JX3ExsM6cqkmlGOs/GytcaN
0dtduXCwUEi6waPnW2R9CFqORoXdxpF5oovgffIqd3I4+1sNn2A5/hgND2hThcJN
LRjoVO1E1Sk/EhojJ22CTvwtzaiNM8+MMi0C5GoFBcsATdyj2Qethx1jHeb4cbtW
1GKMK6C7Sh00bTIE+6JjVIOYflVO/aG2KiLpIeElut+TJUw2atLBC24UPuVgvPhZ
C0FrKUUFhfNa2rn+QkH0n6VjQzh4tLpivYACegN0wBAQq6kRYPtzTx+ccEQhFFlV
Kx/glkpl5Vj4nXNXpF74Uj4JAMMVMFmVz25EWqtAZqetMDr8MLE=
=M2Ig
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic