Create a default error page #20

pjsharpe07 · 2020-08-12T19:03:40Z

Proposed feature

Default error landing page doesn't exist and some tomcat information is sent. Also, the default page exposes sensitive information as well.

See screen shot:

A default error page could prevent this potentially sensitive information from being inadvertently disclosed.

Found this via a nessus scan.

robertdebock · 2020-08-13T13:03:02Z

That is a very good plan.

Do you know how to do this? If so; please create a pull request for it. I'll help you through the process if you need help.

Otherwise, I'll work on it in some time.

Regards,

Robert de Bock.

Relates #20

robertdebock · 2020-08-26T19:19:13Z

Hi @pjsharpe07. The role now places a simple, unbranded default page. That should solve your Nessus finding.

Please let me know if this works for you.

pjsharpe07 · 2020-09-03T15:48:28Z

Thank you for doing this! Unfortunately, we remove some of those folders so this fix didn't quite work for us.

Instead, we did some work with serverinfo.properties. You can find some of the changes here.

Thanks again for doing this work!

pjsharpe07 mentioned this issue Aug 21, 2020

Default Tomcat error and landing page GSA/data.gov#1799

Closed

robertdebock added a commit that referenced this issue Aug 26, 2020

Place a simple default page.

dccceb5

Relates #20