ocket8888 opened a new issue #3946: Hide Exact Nature of Server-side Errors from Clients
URL: https://github.com/apache/trafficcontrol/issues/3946

## I'm submitting an
- [x] improvement request (usability, performance, tech debt, etc.)

## Traffic Control components affected ...
- Traffic Control Client (Possibly)
- Traffic Ops

## Current behavior:
Traffic Ops returns a variety of 5XX server-side errors to clients based on conditions on the server. The actual number, location and scenarios wherein these occur are unknown - though a simple grep for `http\.Status` and manual filtering should reveal them - but the best-known case is when the Perl server is unavailable, in which case the Go server returns a `502 BAD GATEWAY` response.

## Expected / new behavior:
In order to expose as little information as possible about the underlying ATC infrastructure to potential attackers, Traffic Ops should instead log specific information but always return the most generic server-side response error code: `500 INTERNAL SERVER ERROR`.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

With regards,
Apache Git Services
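
One way to get the behaviour requested in the issue above, as an added example (not Traffic Ops code and not from the issue author): a Go `net/http` middleware that logs the specific 5XX status server-side and sends the client a bare `500` with no body. The names `MaskServerErrors` and `maskingWriter`, the `/api/ping` path and the sample handler are assumptions made for this illustration.

```go
package main

import (
	"log"
	"net/http"
	"net/http/httptest"
)

// maskingWriter collapses every 5xx status into a generic 500 for the client.
type maskingWriter struct {
	http.ResponseWriter
	req           *http.Request
	wrote, masked bool
}

func (w *maskingWriter) WriteHeader(code int) {
	if w.wrote {
		return
	}
	w.wrote, w.masked = true, code >= 500 && code <= 599
	if w.masked {
		// The specific status is kept in the server log for operators only.
		log.Printf("masked server error: method=%s path=%q original_status=%d", w.req.Method, w.req.URL.Path, code)
		w.Header().Del("Content-Length") // the handler's body is dropped in Write
		code = http.StatusInternalServerError
	}
	w.ResponseWriter.WriteHeader(code)
}
func (w *maskingWriter) Write(b []byte) (int, error) {
	w.WriteHeader(http.StatusOK) // no-op if the handler already set a status
	if w.masked {
		return len(b), nil // discard error text that could name the failing backend
	}
	return w.ResponseWriter.Write(b)
}

// MaskServerErrors wraps next so clients cannot tell which 5xx condition occurred.
func MaskServerErrors(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		next.ServeHTTP(&maskingWriter{ResponseWriter: w, req: r}, r)
	})
}

func main() {
	h := MaskServerErrors(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		http.Error(w, "perl backend unreachable", http.StatusBadGateway) // constructed 502 case
	}))
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest("GET", "/api/ping", nil))
	log.Printf("client sees status=%d body=%q", rec.Code, rec.Body.String())
}
```

Applying the wrapper at the outermost handler covers every code path at once, so no individual `http.Status` call site has to be found and changed; 4XX and 2XX responses pass through untouched.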
