h3. Problem Definition
When accessing URLs that aren’t under the application context and are not defined in Tomcat, Tomcat returns a 404 along with its own version.
h4. +Steps to reproduce problem+
h3. Suggested Solution
404 should be displayed but Tomcat shouldn’t disclose its own version
h3. Workaround
Alter the behavior of the error reporting by adding the following entry to your server.xml file:
{code:xmlborderStyle=solid|borderColor=#6A8EB3|bgColor=#F8F8F8}
<Valve className=“org.apache.catalina.valves.ErrorReportValve” showReport=“false” showServerInfo=“false”/>
{code}
Make sure the valve is not added within the Jira context but rather at the higher hierarchy level. Example:
{code:borderStyle=solid|borderColor=#6A8EB3|bgColor=#F8F8F8}
<Engine name=“Catalina” defaultHost=“localhost”>
<Host name=“localhost” appBase=“webapps” unpackWARs=“true” autoDeploy=“true”>
<Context path="j8201" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">
<Resource name="UserTransaction" auth="Container" type="javax.transaction.UserTransaction"
factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/>
<Manager pathname=""/>
<JarScanner scanManifest="false"/>
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="120" />
</Context>
<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false"/>
</Host>
<Valve className="org.apache.catalina.valves.AccessLogValve"
pattern="%a %{jira.request.id}r %{jira.request.username}r %t "%m %U%{sanitized.query}r %H" %s %b %D "%{sanitized.referer}r" "%{User-Agent}i" "%{jira.request.assession.id}r""/>
</Engine>
{code}
h4. +Note+
By adding {{showReport=“false”}} to the valve, Tomcat will only return the HTTP code as HTML.
Ref: [Apache Tomcat 8 Configuration Reference > The Valve Component > Error_Report_Valve|https://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Error_Report_Valve]
Vendor | Product | Version | CPE |
---|---|---|---|
atlassian | jira_data_center | * | cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:* |