To comply with the Tomcat security baseline, the following hardening steps are needed:
1. Administrator password encryption: "Tomcat digest algorithm password encryption"
User accounts are managed in conf/tomcat-users.xml, where passwords are normally stored in clear text. If they must not be stored in the clear, configure the digest algorithm in conf/server.xml and then put the generated ciphertext (the password digest) into tomcat-users.xml. Proceed as follows:
   1. Configure the password digest in server.xml; only MD5 is used here. Note: in the default configuration the Realm element is a single self-closing line ending in "/>", so it has to be split into an opening and a closing tag:

    <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase">
      <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="MD5" />
    </Realm>

   2. Generate the MD5 ciphertext with the digest.sh script:

    digest.sh -a md5 userpassword

      Output:

    userpassword: balabalabalabala

   3. Replace the original plaintext password in conf/tomcat-users.xml with the generated ciphertext.
2. Configure error pages: "Tomcat error page configuration". Add the following to web.xml:

    <!-- 400 error -->
    <error-page>
      <error-code>400</error-code>
      <location>/error.html</location>
    </error-page>
    <!-- 404 page not found error -->
    <error-page>
      <error-code>404</error-code>
      <location>/error.html</location>
    </error-page>
    <!-- 500 internal server error -->
    <error-page>
      <error-code>500</error-code>
      <location>/error.html</location>
    </error-page>
    <!-- java.lang.Exception error; further exception types can be defined with additional tags like this one -->
    <error-page>
      <exception-type>java.lang.Exception</exception-type>
      <location>/error.html</location>
    </error-page>
    <!-- java.lang.NullPointerException error; further exception types can be defined with additional tags like this one -->
    <error-page>
      <exception-type>java.lang.NullPointerException</exception-type>
      <location>/error.html</location>
    </error-page>
3. Modify the banner: "Tomcat: modify the banner and hide version information". Set the server attribute in conf/server.xml.
Open Tomcat's conf/server.xml and find:

    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" URIEncoding="UTF-8" useBodyEncodingForURI="true" />

Modify it as follows:

    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" URIEncoding="UTF-8" useBodyEncodingForURI="true" server="Microsoft-IIS/6.5"/>
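To confirm that all three items above are actually in place, the following added example (not part of the original post, and not Tomcat's own tooling) audits the contents of server.xml, tomcat-users.xml and web.xml. The function names, finding messages and sample inputs are constructed for illustration, and the digest check is a heuristic that only tests the shape of the stored value.

```python
import re
import xml.etree.ElementTree as ET

# Hex digest, optionally in Tomcat's stored form salt$iterations$digest.
DIGEST_RE = re.compile(r"^(?:[0-9a-fA-F]+\$\d+\$)?[0-9a-fA-F]{32,}$")

def local(elem):
    """Tag name with any XML namespace stripped (web.xml usually has one)."""
    return elem.tag.rsplit("}", 1)[-1]

def find_all(xml_text, name):
    return [e for e in ET.fromstring(xml_text).iter() if local(e) == name]

def audit(server_xml, users_xml, web_xml):
    """Return findings for the three baseline items; empty list means pass."""
    findings = []
    # Item 1: the UserDatabaseRealm must wrap a CredentialHandler ...
    for realm in find_all(server_xml, "Realm"):
        if realm.get("className", "").endswith("UserDatabaseRealm") and not any(
                local(c) == "CredentialHandler" for c in realm):
            findings.append("server.xml: Realm has no CredentialHandler")
    # ... and tomcat-users.xml must then hold digests, not clear text.
    for user in find_all(users_xml, "user"):
        if not DIGEST_RE.match(user.get("password", "")):
            findings.append(f"tomcat-users.xml: {user.get('username')} password is not a digest")
    # Item 2: error pages for 400/404/500 and java.lang.Exception.
    covered = set()
    for page in find_all(web_xml, "error-page"):
        covered.update((c.text or "").strip() for c in page
                       if local(c) in ("error-code", "exception-type"))
    for key in ("400", "404", "500", "java.lang.Exception"):
        if key not in covered:
            findings.append(f"web.xml: no error-page for {key}")
    # Item 3: every Connector should set the server attribute.
    for conn in find_all(server_xml, "Connector"):
        if not conn.get("server"):
            findings.append(f"server.xml: Connector {conn.get('port')} has no server attribute")
    return findings

# Constructed sample inputs showing the unhardened state.
SERVER_BEFORE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Engine name="Catalina" defaultHost="localhost">
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
  </Engine></Service></Server>"""
USERS_BEFORE = '<tomcat-users><user username="admin" password="s3cret" roles="manager-gui"/></tomcat-users>'
WEB_BEFORE = ('<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><error-page>'
              '<error-code>404</error-code><location>/error.html</location></error-page></web-app>')

if __name__ == "__main__":
    for finding in audit(SERVER_BEFORE, USERS_BEFORE, WEB_BEFORE):
        print(finding)
```

Pass the text of the three real files to audit(); an empty list means every check passed.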