List: tomcat-user
Subject: Re: How to Disable / turn off the ETag header of Tomcat 7.0.92
From: Christopher Schultz <chris () christopherschultz ! net>
Date: 2019-01-17 17:44:49
Message-ID: fa78ef94-8c2c-364e-b4fe-9d0899ba4d24 () christopherschultz ! net
Ravi,
On 1/16/19 05:21, Ravi Kumar wrote:
> Hi Chris & Mark,
>
> This is what I am doing in my web.xml file:-
>
> <filter>
>   <filter-name>NoEtagFilter</filter-name>
>   <filter-class>com.tibco.administrator.TestETagFilter</filter-class>
> </filter>
>
> <filter-mapping>
>   <filter-name>NoEtagFilter</filter-name>
>   <servlet-name>default</servlet-name>
>   <dispatcher>REQUEST</dispatcher>
>   <dispatcher>FORWARD</dispatcher>
> </filter-mapping>
>
> I don't have any code snippet in place in my Servlet Filter.
What do you mean, you "don't have any code snippet in place in [your]
servlet filter"? What does the code for TestETagFilter look like?
> Could you please suggest me further to disable this ETag header?
That depends upon what you have already done.
> Query no. 2:- Is there any way to set
>
> *Header unset Etag*
> *FileETag none*
What you have above should accomplish it. If it is not working, then
something is wrong with your code or your configuration.
> in which of the Tomcat configuration file? I am using Tomcat
> 7.0.92.
The Tomcat version should not matter too much, but thanks for
providing it.
-chris
> On Wed, Jan 16, 2019 at 2:18 AM Christopher Schultz <
> chris@christopherschultz.net> wrote:
>
> Ravi,
>
> On 1/15/19 09:41, Ravi Kumar wrote:
>>>> Please find my web.xml configuration file attached.
>
> I don't see anything configured that looks like it might be an
> "ignoreETagFilter". Did you configure it somewhere else?
>
> -chris
>
>>>> On Tue, Jan 15, 2019 at 7:44 PM Christopher Schultz
>>>> <chris@christopherschultz.net
>>>> <mailto:chris@christopherschultz.net>> wrote:
>>>>
>>>> Mark,
>>>>
>>>> On 1/15/19 06:12, Mark Thomas wrote:
>>>>> On 15/01/2019 10:43, Ravi Kumar wrote:
>>>>>> Hi All,
>>>>>>
>>>>>> I am facing an issue. It is kind of Security issue as
>>>>>> Tomcat's ETag header in Response header can reveal vital
>>>>>> info.
>>>>
>>>>> What vital info? The ETag is constructed from the content
>>>>> length and the last modified date.
>>>>
>>>>>> We want to disable / turnoff this ETag header of Tomcat
>>>>>> webserver. Referred this link :-
>>>>>> https://serverfault.com/questions/232763/how-to-disable-etag-headers-in-tomcat
>>>>>>
>>>>>> but couldn't get success to disable this ETag.
>>>>>>
>>>>>> Appreciate your help !
>>>>
>>>>> The approach described in that link won't work if the
>>>>> response is sufficiently large that the response has
>>>>> already been committed. You'd need to wrap the response,
>>>>> override setHeader(String, String) and NO-OP any calls that
>>>>> try to set the "ETag" header.
>>>>
>>>> That's what Tim's SO answer suggests.
>>>>
>>>> Ravi, I suspect that you haven't mapped the filter to your
>>>> servlet correctly. Can you post your configuration for your
>>>> <filter>, <filter-mapping>, and the URL you are trying to
>>>> request?
>>>>
>>>> -chris
>>>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
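
The response-wrapping approach described in the thread (wrap the response and NO-OP any attempt to set "ETag"), as an added example that is not code from any poster in this thread. The package and class names are hypothetical, and blocking addHeader as well as setHeader goes slightly beyond what the thread states. It targets the javax.servlet API used by Tomcat 7 and would be referenced from the <filter-class> element of a mapping like the one quoted above.

```java
package example; // hypothetical package name, not from the thread

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

public class NoEtagFilter implements Filter {

    /** Wrapper that silently drops every attempt to set an ETag header. */
    static final class NoEtagResponse extends HttpServletResponseWrapper {
        NoEtagResponse(HttpServletResponse response) { super(response); }

        @Override
        public void setHeader(String name, String value) {
            // Header names are case-insensitive, so compare accordingly.
            if (!"ETag".equalsIgnoreCase(name)) super.setHeader(name, value);
        }

        @Override
        public void addHeader(String name, String value) {
            if (!"ETag".equalsIgnoreCase(name)) super.addHeader(name, value);
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Wrap BEFORE the chain runs: the header is then blocked at the moment
        // the servlet tries to set it, so it does not matter whether the
        // response has already been committed by the time the chain returns.
        ServletResponse out = (res instanceof HttpServletResponse)
                ? new NoEtagResponse((HttpServletResponse) res) : res;
        chain.doFilter(req, out);
    }

    @Override
    public void init(FilterConfig config) { /* no configuration needed */ }

    @Override
    public void destroy() { /* nothing to release */ }
}
```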