Skip to main content
Mitratech Success Center

Client Support Center

Need help? Click a product group below to select your application and get access to knowledge articles, webinars, training content, and release notes or to contact our support team.

Authorized users - log in to create a ticket, view tickets status and check your success plan details.

 

How to Change the Default Server HTTP Error Responses

  1. Last updated
  2. Save as PDF

Suite webserver is configured with a custom error page, which by default handles errors at the application and context levels. Errors that occur at the server level display default error pages. These pages show the server version and part of the stack trace, which poses a risk.

 

This article disables the Apache Tomcat server detailed HTTP server responses by adding configuration attributes to the server.xml file. The $CATALINA_BASE/conf/server.xml is the main configuration file. It is divided into several categories such as Top Level Elements, Executors, Connectors, Containers, and Nested Components. These categories contain configuration attributes that let you adjust the Apache Tomcat server’s functionality.

 

How to prevent a detailed HTTP error response when sending special characters

 

By default, when special characters such as []/{}\`”> are added to the URL, the Tomcat server returns a 400 response that reveals information about the server, as in the image.

HTTP01.png

To solve this error, add the following properties to the HTTP Connector element in the server.xml file.

 

·      relaxedPathChars = '[]|{}^\`">'

·      relaxedQueryChars='[]|{}^\`">'

 

For example, enter the following statement in a single line:

 

<Connector connectionTimeout=”20000” port=”8080” protocol=”HTTP/1.1” redirectPort=”8443” relaxedPathChars='[]|{}^\`">' relaxedQueryChars='[]|{}^\`">'

 

How to prevent a detailed HTTP error response when sending a long parameter

 

By default, when a long parameter is sent, the Tomcat server returns a 400 response that reveals information about the server, as in the image.

 

HTTP02.png

To solve this error, add maxHttpHeaderSize to the HTTP Connector element in the server.xml file.  maxHttpHeaderSize is the maximum allowed size of the request and response HTTP headers in bytes. Its default value is 8192B (8kB).

 

 

How to configure HTTP error responses with ErrorReportValve

 

ErrorReportValve is a simple error handler for HTTP status codes that generates and returns HTML error pages. You can configure ErrorReportValve on the server.xml file to avoid showing default error pages when an error at the server level occurs. The syntax is as follows:

 

<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false" />
 

Note: When you disable both showServerInfo and showReport, only the HTTP status code is returned.

 

ErrorReportValve configuration attributes are described in the following table:

Attribute

Description

className

The Java class name of the implementation to use.  To use the default error report valve, set it to org.apache.catalina.valves.ErrorReportValve 

showReport

Flag to determine if the error report (custom error message and/or stack trace) is presented when an error occurs. If set to false, then the error report is not returned in the HTML response. Default value: true.

showServerInfo

Flag to determine if server information is presented when an error occurs. If set to false, then the server version is not returned in the HTML response. Default value: true.

 

 

 

 

 

 

 

 

 

 

 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Classifications
    This page has no classifications.
  2. Tags
    1. Apache Tomcat
    2. HTTP
    3. HTTP errors
    4. server.xml