The Suite webserver is configured with a custom error page, which by default handles errors at the application and context levels. Errors that occur at the server level display default error pages. These pages show the server version and part of the stack trace, which poses an information disclosure risk.
This article describes how to disable the Apache Tomcat server's detailed HTTP server responses by adding configuration attributes to the server.xml file. The $CATALINA_BASE/conf/server.xml file is the main configuration file. It is divided into several categories such as Top Level Elements, Executors, Connectors, Containers, and Nested Components. These categories contain configuration attributes that let you adjust the Apache Tomcat server’s functionality.
How to prevent a detailed HTTP error response when sending special characters
By default, when special characters such as []/{}\`"> are added to the URL, the Tomcat server returns a 400 response that reveals information about the server, as in the image.
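To prevent this response, add the following properties to the HTTP Connector element in the server.xml file. With these properties set, the connector accepts the listed characters instead of rejecting the request with the server-level 400 page.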
· relaxedPathChars='[]|{}^\`">'
· relaxedQueryChars='[]|{}^\`">'
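A way to check a server.xml for the setting described above, as an added example that is not part of the original article or the product's own tooling. The function name audit_connectors, the sample file and its port numbers are constructed for illustration; the permitted-character set is the one Tomcat documents for these attributes, and the backslash in the article's value is assumed to be a literal character.

```python
import xml.etree.ElementTree as ET

# Characters Tomcat accepts in relaxedPathChars / relaxedQueryChars;
# anything else in the value is ignored by the server.
ALLOWED = set('"<>[\\]^`{|}')
ATTRS = ("relaxedPathChars", "relaxedQueryChars")

def audit_connectors(server_xml: str, wanted: str):
    """Return (port, attribute, problem) findings for the HTTP connectors."""
    findings = []
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        # AJP connectors are skipped; a missing protocol means HTTP/1.1.
        if "ajp" in conn.get("protocol", "HTTP/1.1").lower():
            continue
        port = conn.get("port", "?")
        for attr in ATTRS:
            value = conn.get(attr)
            if value is None:
                findings.append((port, attr, "not set"))
                continue
            missing = sorted(set(wanted) - set(value))
            ignored = sorted(set(value) - ALLOWED)
            if missing:
                findings.append((port, attr, "missing " + "".join(missing)))
            if ignored:
                findings.append((port, attr, "ignored by Tomcat " + "".join(ignored)))
    return findings

# Constructed sample, not a real deployment: 8080 is unconfigured, 8443 follows
# the article but has a stray '#', 8009 is AJP and out of scope.
SAMPLE = r"""<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               relaxedPathChars='[]|{}^\`">' relaxedQueryChars='[]|{}^\`">#'/>
    <Connector port="8009" protocol="AJP/1.3"/>
  </Service>
</Server>"""

WANTED = '[]|{}^\\`">'  # the value given in the article

if __name__ == "__main__":
    for port, attr, problem in audit_connectors(SAMPLE, WANTED):
        print(f"Connector {port}: {attr} {problem}")
```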
For example, enter the following statement in a single line: