This requires being connected to your server and editing the context.xml or web.xml file.
Here are some simple steps that can be taken to secure your information within the Tomcat structure. The two configurations we will look at are httpOnly, and custom 404/500 error messages.
HttpOnly – Custom 404 and 500 Error Messages – Securing Tomcat Root Directory
HttpOnly
- To ensure it is working, add the following configuration by editing the context.xml file located:
- Tomcat 6.5 and later the option is turned on automatically
- $CATALINA_BASE\conf Folder
- Default: $CATALINA_BASE directory will be similar to
- C:\Program Files\Apache Software Foundation\Tomcat 7.0\ directory
- Default: $CATALINA_BASE directory will be similar to
- $CATALINA_BASE\conf Folder
- For v10+ Installations
- Server/conf Folder
- Default: Server Directory will be similar to:
- C:\Program Files\iDashboards_SRV\Server\conf
- Default: Server Directory will be similar to:
- Server/conf Folder
- Tomcat 6.5 and later the option is turned on automatically
- <Context> will be the first line that is not commented out. Edit this line as follows:
- <Context path="/idashboards" useHttpOnly="true">
- Now Save the file
- Restart Tomcat/iDashboardsSRV
HttpOnly – Securing Tomcat Root Directory
Custom 404 and 500 Error Messages
This will create a redirect page so that when the application is down or the user types in the wrong address it will be forwarded to a page of your design. This helps secure the information that can be accessed.
-
- Locate the web.xml file
- Default: $CATALINA_BASE will be in a directory similar to:
- C:\Program Files\Apache Software Foundation\Tomcat 7.0\
- Default: Server Directory will be similar to:
- C:\Program Files\iDashboards_SRV\Server\conf
- Default: $CATALINA_BASE will be in a directory similar to:
- Go to the very bottom of the file. Find the Following:
- Below this section add the following:
- Create a folder call errors in: $CATALINA_BASE\webapps\idashboards
- Within that folder you will need to create the two html pages:
- 404_Error.html
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<error-page>
<error-code>404</error-code>
<location>/errors/404_Error.html</location>
</error-page>
- 500_Error.html
<error-page>
<error-code>500</error-code>
<location>/errors/500_Error.html</location>
</error-page>
- 404_Error.html
- Locate the web.xml file
- Copy contents and paste into the 500_Error.html
- Change 404 (<h1>ERROR 404</h1>) to 500 (<h1>ERROR 500</h1>)
- Save both files
- Repeat these steps in the idbalerts directory
- Restart Tomcat/iDashboardsSRV
**Sample HTML**
<html>
<head>
<meta content="text/html; charset=ISO-8859-1" http-equiv="content-type">
</head>
<body>
<div style="text-align: center;">
<h1>ERROR 404</h1>
You have reached this page in error. Please contact your iDashboards Administrator for assistance.<br>
</div>
</body>
</html>
HttpOnly – Custom 404 and 500 Error Messages
Securing Tomcat Root Directory
We will be using some of the same methods but redirect all traffic to iDashboards.
- Delete everything except the WEB-INF directory under ROOT
- Create a file called index.html in the ROOT directory
- Copy the following HTML into index.html
- This will redirect anyone that lands in the ROOT directory to iDashboards
- Go into the web.xml located in $CATALINA_BASE\ROOT\WEB-INF or Server\conf and find the Welcome text
- Now following the above text add
- Restart the Tomcat service (iDashboardsSRV)
**Sample HTML**
<html>
<head>
<meta http-equiv="refresh" content="0;URL=idashboards/index.jsp">
</head>
<body>
</body>
</html>
<display-name>Welcome to Tomcat</display-name>
<description>
Welcome to Tomcat
</description>
<error-page>
<error-code>404</error-code>
<location>/index.html</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/index.html</location>
</error-page>
HttpOnly – Custom 404 and 500 Error Messages – Securing Tomcat Root Directory
For More Information:
- All User Manuals
- Previously Read: Upgrading to Tomcat 10
- Read Next: Tomcat: SSL Certificate Installation
If the above is unable to resolve the issue, then please contact iDashboards Support for further assistance.
Comments
0 comments
Please sign in to leave a comment.