Hello Joakim,
Thanks, that does take care of the stack trace. It seems like the
call must to be done on the server.getErrorHandler which is not
defined (null) until the server has been started. Perhaps I am doing
it wrong but doing server.getErrorHandler.setShowStacks(false)
directly after server.start works.
I will now see if the customer are satisfied with the current
behavior and if not I will look into the suggestions Simone did
about custom error pages.
Cheers,
Silvio
On 22-07-19 14:17, Joakim Erdfelt
wrote:
One word of warning.
Error 400 is a bit unique and special in that many kinds of
error 400 happen very early in the processing of a potential
incoming request.
Many times the error 400 occurs before a context is known
and as a result the error is served directly from the server,
and not a context that would have the ErrorPageErrorHandler
API.
If the concern is that the error page has a stacktrace,
then you can turn that off in the
ErrorHandler.setShowStacks(false).
A typical setup on a server is that the server itself has a
generic ErrorHandler, and each context (webapp) has it's own
ErrorPageErrorHandler which has mappings for exceptions or
status codes to resources (dynamic or static) that handle the
error.
Hi,
On Mon, Jul 22, 2019 at 12:25 PM Silvio Bierman
<sbierman@xxxxxxxxxxxxxxxxxx>
wrote:
>
> Hello all,
>
> We run an application that embeds Jetty 9.4.19. Upon
receiving a
> malformed request where the Host header has been
deliberately set to
> 127.0.0.1 (and therefore does not match the request URL)
our server
> responds with:
>
> HTTP ERROR 400
>
> Problem accessing /. Reason:
>
> Host does not match SNI
>
> Caused by:
>
> <stacktrace>
>
> During a pen-test that was done by one of our customers
this was deemed
> too much internal information. What is the most easy way
to configure
> the error info that we return upon such requests?
Custom error pages, by using the ErrorPageErrorHandler API,
see e.g.
https://github.com/eclipse/jetty.project/blob/jetty-9.4.x/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/ErrorPageTest.java.
--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or
unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
|