Which is the best way to mask / hide tomcat version from error pages?
Problem description
Could somebody please let me know which of the following two approaches is recommended and why:
Make the necessary changes to ServerInfo.properties
Define "error-page" in web.xml
Recommended answer
The answers are a bit outdated, so: If you're using Tomcat 6 or newer (I've tested on Tomcat 7) you can use the ErrorReportValve to achieve the same in a way that is much easier to configure and maintain. Just add the following lines to the Host section of your server.xml (where you should already have the AccessLogValve):
<Valve className="org.apache.catalina.valves.ErrorReportValve"
showReport="false"
showServerInfo="false"/>
In this way you are hiding the server info and (because of the optional showReport=false) also the stack traces.
You can read more about this in the Security How To and in the documentation of the Error Report Valve.
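To check that every Host in a server.xml actually carries the setting from the answer above, here is an added example (not part of the original answer or of Tomcat itself). The function name, host names and sample configuration are constructed for illustration, and it assumes the valve is declared directly under each Host element.

```python
import xml.etree.ElementTree as ET

VALVE_CLASS = "org.apache.catalina.valves.ErrorReportValve"
ATTRS = ("showReport", "showServerInfo")  # both default to true when omitted

def audit_server_xml(xml_text):
    """Return (host, finding) pairs for Hosts whose error pages can still leak details."""
    findings = []
    for host in ET.fromstring(xml_text).iter("Host"):
        name = host.get("name", "<unnamed>")
        valves = [v for v in host.findall("Valve") if v.get("className") == VALVE_CLASS]
        if not valves:
            # Without an explicit valve the Host uses ErrorReportValve defaults.
            findings.append((name, "no ErrorReportValve configured"))
            continue
        for valve in valves:
            for attr in ATTRS:
                if valve.get(attr, "true").strip().lower() != "false":
                    findings.append((name, attr + " is not false"))
    return findings

# Constructed sample, not a real deployment's server.xml.
SAMPLE = """<Server><Service name="Catalina"><Engine name="Catalina" defaultHost="a.example">
  <Host name="a.example" appBase="webapps">
    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"/>
    <Valve className="org.apache.catalina.valves.ErrorReportValve"
           showReport="false" showServerInfo="false"/>
  </Host>
  <Host name="b.example" appBase="webapps-b">
    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"/>
  </Host>
  <Host name="c.example" appBase="webapps-c">
    <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false"/>
  </Host>
</Engine></Service></Server>"""

if __name__ == "__main__":
    for host, finding in audit_server_xml(SAMPLE):
        print(host + ": " + finding)
```

An empty result means every Host sets both attributes to false; any other value, including an unresolved property placeholder, is reported.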