[jira] [Created] (GERONIMO-6470) Enable the tomcat feature to Modify Apache-Coyote/1.1 Banner

Tue, 28 May 2013 00:03:20 -0700 

xiezhi created GERONIMO-6470:
--------------------------------

             Summary: Enable the tomcat feature to Modify Apache-Coyote/1.1 
Banner
                 Key: GERONIMO-6470
                 URL: https://issues.apache.org/jira/browse/GERONIMO-6470
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: Tomcat
    Affects Versions: 1.x
            Reporter: xiezhi
            Priority: Minor


In Response Headers, it exposure the version number of the Apache Tomcat Web 
Server which runs on port 8080 by default.
We hope to modify the TomcatWebConnector'attribute server to protect this 
information.
I think the good pratice is below.

In <geronimo-home>\var\config\config.xml
  <module name="geronimo/tomcat/1.1/car">
    <gbean name="TomcatEngine">
      <attribute name="initParams">name=Geronimo</attribute>
      <reference name="TomcatValveChain"/>
    </gbean>
    <gbean load="false" name="FirstValve"/>
    <gbean load="false" name="SecondValve"/>
    <gbean name="TomcatResources"/>
    <gbean name="TomcatWebConnector">
      <attribute name="host">0.0.0.0</attribute>
      <attribute name="port">8080</attribute>
      <attribute name="redirectPort">8443</attribute>
      <attribute name="bufferSizeBytes">2048</attribute>
      <attribute name="maxThreads">150</attribute>
      <attribute name="acceptQueueSize">100</attribute>
      <attribute name="lingerMillis">-1</attribute>
      <attribute name="tcpNoDelay">true</attribute>
      <attribute name="minSpareThreads">25</attribute>
      <attribute name="maxSpareThreads">75</attribute>
      <attribute name="maxHttpHeaderSizeBytes">8192</attribute>
      <attribute name="hostLookupEnabled">false</attribute>
      <attribute name="connectionTimeoutMillis">20000</attribute>
      <attribute name="uploadTimeoutEnabled">false</attribute>
      <attribute name="maxPostSize">2097152</attribute>
      <attribute name="maxSavePostSize">4096</attribute>
      <attribute name="emptySessionPath">false</attribute>
      <attribute name="server">TestResponseHead</attribute>
    </gbean>


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to