The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.33.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Terrence,
On 8/18/18 10:39 PM, Terence M. Bandoian wrote:
> On 8/17/2018 8:52 AM, Christopher Schultz wrote:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256
>>
>> Mark,
>>
>> On 8/17/18 3:54 AM, Mark Thomas wrote:
>>> On 16/08/18 18:19, Bernebu
Chris (and Mark)
Bingo!
cjb> Due to security concerns and general fussiness on my part, I'd like
cjb> to prevent users from requesting JSP pages directly [...]. That
cjb> way I can legitimately claim that all requests are being validated,
cjb> input scrubbed, JSP's cannot be taken advantage o
On Mon, Aug 20, 2018 at 1:19 PM, Berneburg, Cris J. - US
wrote:
> Hi Woonsan
>
> Thanks for providing an "option C". :-) There is still much for me to learn.
You're welcome. :-)
>
> cjb> Due to security concerns and general fussiness on my part, I'd like
> cjb> to prevent users from requesting
Hi Mark
Thanks for taking the time to reply. :-)
cjb> Due to security concerns and general fussiness on my part, I'd like
cjb> to prevent users from requesting JSP pages directly [...]. That
cjb> way I can legitimately claim that all requests are being validated,
cjb> input scrubbed, JSP's c
Hi Woonsan
Thanks for providing an "option C". :-) There is still much for me to learn.
cjb> Due to security concerns and general fussiness on my part, I'd like
cjb> to prevent users from requesting JSP pages directly [...]. That
cjb> way I can legitimately claim that all requests are being
Hi Chris
Thanks for your insight and reply.
cjb> I'd like to prevent users from requesting JSP pages directly,
cjb> except for the login page.
cs> Why except for the login page? I would include the login page
cs> as something that should be fronted with a (non-JSP) servlet,
cs> even if that serv
Hi Louis
Thanks for replying to my request for help. :-)
cjb> Due to security concerns and general fussiness on my part, I'd like
cjb> to prevent users from requesting JSP pages directly [...]. That
cjb> way I can legitimately claim that all requests are being validated,
cjb> input scrubbed,
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.11.
Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.
Apache Tomcat 9.0.11 is a bugfix and feat
David
Thanks for taking the time to reply. :-)
cjb> Due to security concerns and general fussiness on my part, I'd like to
cjb> prevent users from requesting JSP pages directly [...]. That way I can
cjb> legitimately claim that all requests are being validated, input scrubbed,
cjb> JSP's cannot
I've solved this by removing the completely and
doing a 301 redirect to https:// in nginx (which is in front of
Tomcat) instead:
https://nginx.org/en/docs/http/converting_rewrite_rules.html
Also added HSTS header as suggested in this thread:
https://tomcat.apache.org/tomcat-8.0-doc/config/filter.