https://bz.apache.org/bugzilla/show_bug.cgi?id=63852
--- Comment #15 from Konstantin Kolinko <knst.koli...@gmail.com> ---
Securing Apache Tomcat 8.5.x is documented at [1]. Both "server" attribute and
ErrorReportValve are documented there.
BTW, there is a typo in [1]. Its description of the default value "server"
attribute in [1] does not match the configuration reference [2]. ([1] says it
is "Apache-Coyote/1.1", [2] says it is none.)
> I'm leaning towards resolving this as WONTFIX.
+1
If one were to define a place to configure a server description then I think
that it would be at some container level (Host/Service/Server) or in
catalina.properties file, as a replacement for the current way of customizing
ServerInfo.properties file.
If server.info property of ServerInfo.properties file were exposed as a system
property (maybe by a custom PropertySource), one could write <Connector
server="${server.info}"> to have the same value as displayed by
ErrorReportValve. But actually I think that nobody wants such feature.
(The attribute "server" on a Connector is a protocol option for HTTP/1.1 for
one the headers defined by that protocol. It is a wrong place to define a
server-wide value. The Connector for AJP protocol [3] does not have such
option.)
[1] https://tomcat.apache.org/tomcat-8.5-doc/security-howto.html
[2] https://tomcat.apache.org/tomcat-8.5-doc/config/http.html
[3] https://tomcat.apache.org/tomcat-8.5-doc/config/ajp.html
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
