Andy Huang created GEODE-8518:
---------------------------------

             Summary: How should I do to turn off the Jetty version messages 
when occur 404 error in Geode
                 Key: GEODE-8518
                 URL: https://issues.apache.org/jira/browse/GEODE-8518
             Project: Geode
          Issue Type: Improvement
          Components: security
    Affects Versions: 1.13.0, 1.6.0
            Reporter: Andy Huang


We are using Apache Geode v1.6.0 and we also use the Geode REST API. However, 
when our customer did a vulnerability test, they found a potential security 
risk and we need to fix that.

The report says http://:7070 shows the following message:
{quote}HTTP ERROR 404
Problem accessing /. Reason:

Not Found
**Powered by Jetty:// 9.4.8.v20171121**
{quote}
As you can see, the Jetty version was shown, and this is reported as a risk. I 
searched a lot and found we can turn off the message by configuring the Jetty 
setting as follows:
{quote}{{<Item>
 <New id="DefaultHandler" 
class="org.eclipse.jetty.server.handler.DefaultHandler">
     <Set name="showContexts">false</Set>
 </New>
</Item>}}
{quote}
But Jetty is embedded in Geode; how should I set showContexts to false?

Any suggestion will be appreciated, thanks a lot.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
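
A check that can be run on a captured response to confirm whether the Jetty version is still exposed after a configuration change. This is an added example, not part of the original report or of Geode. The names `find_version_leaks`, `SAMPLE_LEAKY` and `SAMPLE_CLEAN` are hypothetical, both sample responses are constructed, and the `Server` header in the first sample is an assumption because the report quotes only the page body.

```python
import re

# Constructed sample: the 404 page quoted in the report, wrapped in a raw HTTP
# response. The Server header is an assumption; the report shows only the body.
SAMPLE_LEAKY = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Content-Type: text/html;charset=iso-8859-1\r\n"
    b"Server: Jetty(9.4.8.v20171121)\r\n"
    b"\r\n"
    b"<h2>HTTP ERROR 404</h2>\n<p>Problem accessing /. Reason:\n"
    b"<pre>    Not Found</pre></p>\n"
    b"<hr><a href=\"http://eclipse.org/jetty\">"
    b"Powered by Jetty:// 9.4.8.v20171121</a><hr/>\n"
)
# Constructed sample: the same 404 with no version in headers or body.
SAMPLE_CLEAN = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Content-Type: text/html;charset=iso-8859-1\r\n"
    b"\r\n"
    b"<h2>HTTP ERROR 404</h2>\n<p>Problem accessing /. Reason:\n"
    b"<pre>    Not Found</pre></p>\n"
)

VERSION = r"\d+(?:\.\d+)+(?:[.\-]?[A-Za-z0-9]+)*"
BODY_BANNER = re.compile(r"Powered by Jetty:?/*\s*(" + VERSION + ")", re.I)
HEADER_BANNER = re.compile(r"Jetty\s*\(?\s*(" + VERSION + ")", re.I)
WATCHED_HEADERS = ("server", "x-powered-by")

def find_version_leaks(raw):
    """Return (location, version) pairs for each Jetty version in a raw response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    leaks = []
    # Skip the status line, then inspect only headers that commonly carry banners.
    for line in head.decode("iso-8859-1").split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        name = name.strip().lower()
        if sep and name in WATCHED_HEADERS:
            match = HEADER_BANNER.search(value)
            if match:
                leaks.append(("header:" + name, match.group(1)))
    # Strip tags so the banner matches whether or not it is wrapped in a link.
    text = re.sub(r"<[^>]+>", " ", body.decode("iso-8859-1"))
    for match in BODY_BANNER.finditer(text):
        leaks.append(("body", match.group(1)))
    return leaks

if __name__ == "__main__":
    print(find_version_leaks(SAMPLE_LEAKY), find_version_leaks(SAMPLE_CLEAN))
```

An empty list means neither the watched headers nor the error body carried a Jetty version string.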
