Hi,

If you use just non-supported outputformat
http://localhost:8080/geoserver/topp/wms?service=WMS&version=1.1.0&request=GetMap&layers=topp%3Astates&bbox=-124.73142200000001%2C24.955967%2C-66.969849%2C49.371735&width=768&height=330&srs=EPSG%3A4326&format=image/png88

then the error is
<ServiceException code="InvalidFormat">
      There is no support for creating maps in image/png88 format

Your error comes from non-numeric height parameter
http://localhost:8080/geoserver/topp/wms?service=WMS&version=1.1.0&request=GetMap&layers=topp%3Astates&bbox=-124.73142200000001%2C24.955967%2C-66.969849%2C49.371735&width=768&height=acu330&srs=EPSG%3A4326&format=image/png8

gives similar error
<ServiceException>
      java.lang.NumberFormatException: For input string: &quot;acu330&quot;


By reading the WMS 1.3.0 standard such invalid WIDTH and HEIGHT parameters are 
not really dealt with in it. What is closest is in this:
“If the WMS server has declared that a Layer has fixed width and height, as 
described in 7.2.4.7.5, then the client shall specify exactly those WIDTH and 
HEIGHT values in the GetMap request and the server may issue a service 
exception otherwise.”

The message reveals that server is Java based which is something that the end 
user does not need to know. It is also telling that number format used in the 
request is not correct and that’s useful information for the user. Disabling 
the whole exception is not possible because it is mandatory. So what is left is 
filtering the “java.lang” away. I believe it could be done (I am not a 
developer) but I believe that it would not be any huge improvement for the 
security. If somebody proves that I am wrong I can change my mind.

-Jukka Rahkonen-
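
The filtering discussed above (dropping the Java class name while keeping the mandatory ServiceException and its useful text) could be applied to the response body, for example in a reverse proxy in front of GeoServer, along these lines. This is an added example, not part of the original thread and not GeoServer code; the function name, the regex, the fallback text and the sample report are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

OGC_NS = "http://www.opengis.net/ogc"
XSI_NS = "http://www.w3.org/2001/XMLSchema-instance"

# Fully qualified Java class name ending in Exception or Error, plus the
# ": " that follows it (e.g. "java.lang.NumberFormatException: ").
JAVA_CLASS = re.compile(
    r"\b(?:[a-z_][a-z0-9_]*\.)+[A-Z]\w*(?:Exception|Error)\b:?\s*")

# Constructed sample, modelled on the 1.3.0 report quoted in this thread.
SAMPLE = """<ServiceExceptionReport xmlns="http://www.opengis.net/ogc" version="1.3.0">
<ServiceException>
java.lang.NumberFormatException: For input string: &quot;acu330&quot;
</ServiceException>
<ServiceException code="InvalidFormat">
There is no support for creating maps in image/png88 format
</ServiceException>
</ServiceExceptionReport>"""


def sanitize_service_exception(xml_text, fallback="Invalid request parameter"):
    """Return the report with Java class names removed from each message.

    The report structure and any OGC 'code' attribute are kept, because the
    exception itself is mandatory; only the implementation detail is dropped.
    A DOCTYPE, if present in the input, is not reproduced in the output.
    """
    ET.register_namespace("", OGC_NS)      # keep the default namespace on output
    ET.register_namespace("xsi", XSI_NS)
    root = ET.fromstring(xml_text)
    for el in root.iter():
        # Match on local name so namespaced and plain reports both work.
        if el.tag.rsplit("}", 1)[-1] != "ServiceException" or not el.text:
            continue
        cleaned = " ".join(JAVA_CLASS.sub("", el.text).split())
        el.text = cleaned or fallback      # never emit an empty message
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(sanitize_service_exception(SAMPLE))
```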



From: Naresh N [mailto:naresh...@gmail.com]
Sent: 30 August 2018 9:52
To: Rahkonen Jukka (MML) <jukka.rahko...@maanmittauslaitos.fi>
Subject: Re: [Geoserver-users] Disabling error response of WMS/WFS to the 
Clients/users

Dear Jukka Rahkonen,

Please find the below request
http://bhuvan-suvidha.nrsc.gov.in/geoserver/wms/reflect?layers=geonode:kds_name&width=200&height=150&format=image/png8&format=image/png8&height=acu7746%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca7746&layers=geonode:kds_name&width=200

The above request is generated by a Web Application Security tool, and it is 
listed as a security alert as it is showing the error message as 
java.lang.NumberFormatException. Recommendation is to disable the error 
message. Kindly help me to resolve this.

Thanks&Regards,
Naresh

On Thu, Aug 30, 2018 at 11:17 AM Rahkonen Jukka (MML) 
<jukka.rahko...@maanmittauslaitos.fi> wrote:
Hi,

Please show the whole request with the wrong &FORMAT= parameter.

-Jukka Rahkonen-
________________________________
From: Naresh N <naresh...@gmail.com>
Sent: 30.8.2018 7:22
To: Rahkonen Jukka (MML) <jukka.rahko...@maanmittauslaitos.fi>
Subject: Re: [Geoserver-users] Disabling error response of WMS/WFS to the 
Clients/users

Dear Jukka Rahkonen,

Thanks for the response. The error message 'java.lang.NumberFormatException' 
belongs to InvalidFormat. Instead of showing the service exception, i.e. 
java.lang.NumberFormatException, how to display the InvalidFormat message to 
the user? Although this error is not displaying any sensitive information, as per 
our security alerts measure, we want to disable the error messages. Kindly let me 
know how to do it.

Thanks&Regards,
Naresh

On Wed, Aug 29, 2018 at 8:08 PM Rahkonen Jukka (MML) 
<jukka.rahko...@maanmittauslaitos.fi> wrote:
Hi,

I suppose that you mean the contents " java.lang.NumberFormatException: For 
input string:".  Exceptions are compulsory by the WMS standard. The following 
codes are reserved for special meanings.

InvalidFormat
InvalidCRS
LayerNotDefined
StyleNotDefined
LayerNotQueryable
InvalidPoint
CurrentUpdateSequence
InvalidUpdateSequence
MissingDimensionValue
InvalidDimensionValue
OperationNotSupported

The error that triggers your error does not quite suit with these predefined 
meanings and therefore the error code must be something else. The code that you 
get now is "java.lang.NumberFormatException". At least it is somewhat 
informative but would you rather see some other text as an error message?

Client can also ask exceptions in another format with &EXCEPTIONS=INIMAGE or 
&EXCEPTIONS=BLANK, but the default XML format is still mandatory and it can't 
be turned off.

-Jukka Rahkonen-

-----Original message-----
From: naresh [mailto:naresh...@gmail.com]
Sent: 29 August 2018 16:33
To: geoserver-users@lists.sourceforge.net
Subject: [Geoserver-users] Disabling error response of WMS/WFS to the Clients/users

Hello ALL,

Please see the following error message received on wrong values of params of 
WMS request

<ServiceExceptionReport xmlns="http://www.opengis.net/ogc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="1.3.0"
xsi:schemaLocation="http://www.opengis.net/ogc
http://bhuvan-suvidha.nrsc.gov.in/geoserver/schemas/wms/1.3.0/exceptions_1_3_0.xsd">
<ServiceException>
java.lang.NumberFormatException: For input string: "" For input string: ""
</ServiceException>
</ServiceExceptionReport>

I want to disable the error message, it should not be displayed to user

*How to disable errors displaying messages in Geoserver. *

Please help solving my issue

Thanks&Regards,
Naresh




--
Sent from: http://osgeo-org.1560.x6.nabble.com/GeoServer-User-f3786390.html

_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users