How to suppress displaying the Apache Tomcat version on HTTP 400 Bad Request error page on the Enforce Server
search cancel

How to suppress displaying the Apache Tomcat version on HTTP 400 Bad Request error page on the Enforce Server

book

Article ID: 274462

calendar_today

Updated On:

Products

Data Loss Prevention Enforce Data Loss Prevention

Issue/Introduction

This article describes to suppress, or hide, the Apache Tomcat version which will by default be displayed on the HTTP 400 Bad Request page should such error occur. 

Environment

Release : 15.8 or later

Cause

The default behavior of an Apache Tomcat server is that it will display the version information on the HTTP 400 Bad Request page.

Resolution

1. On the Enforce server locate server.xml configuration file which by default is located in the following path:

C:\Program Files\Symantec\DataLossPrevention\EnforceServer\<DLP Version>\Protect\tomcat\conf\server.xml

2. Backup the original file.

3. Open the file in a text editor of preference.

4. Add the following line between the Host XML nodes:

<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="true" showServerInfo="false"/>

The end result should look like visible on the screenshot below:

5. Save the file and restart the Symantec DLP Manager Service on the Enforce Server.

6. After the restart the Apache Tomcat version will no longer be displayed on the HTTP 400 Bad Request page.

Additional Information

This change in the server.xml configuration file will suppress both the actual error message and the Apache Tomcat version. If you wish to hide the version, but still show the error content then the showReport should be set to true, while showServerInfo remains as false:

<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="true" showServerInfo="false"/>

Powered by Wolken Software