Reducing Tomcat Error Page Verbosity

  • Postat în IT
  • la 30-08-2021 12:39
  • de Horatiu Dan
  • 351 vizualizări

by Horatiu Dan

While in development mode, it makes sense for the working environment to signal errors and provide as many insightful details as possible so that they are easily addressed and documented.

In production, on the other hand, it is a good practice to limit the details provided to the user in case of an error, especially if these nether contribute to the UI experience nor help in general.

As someone once said, “sometimes less is more” and the main argument here is the appliacation security.

This post describes how to configure Tomcat so that in case of unexpected errors it hides pieces of information valuable for a potential attacker. Such details are the server version and the stack trace as parts of the error page.

By default, in case of an application error Tomcat displays a page as below:

Default Configuration

When looking at it, a common user can depict the application runs on Apache Tomcat, ...