stackoom
  简体   繁体   中英

About error-page in web.xml

 原文  2013-11-28 07:51:35       java/ jsp/ http-status-code-404/ web.xml

Question

I configure my error-page in web.xml ,for example: <error-page><error-code>404</error-code><location>/error.jsp</location></error-page>。

If I put a URL in browser that does not exits such as http: //localhost:8080/mywebsite/a , it will display the contents of error.jsp .But the URL in browser is not http: //localhost:8080/mywebsite/error.jsp , it is still http: //localhost:8080/mywebsite/a why ? And what to do if make the URL to be error.jsp ?

I ask this because I scan this URL using IBM AppScan, it says response status is 200 OK.

1 answers

solution1
 1  2013-11-28 08:04:20

There is no point in re-writing the URL to show the user that he/she has hit the error page. In-fact it may expose the structure of your application that may be harmful if you are not too careful.

http://yourhost/something/invalid/url is not much helpful for any malicious user.

But

http://yourhost/pages/errorPages/404Page.jsp

exposes a lot of critical information to the user about the structure of your web-application.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question @ResponseStatus and web.xml <error-page> <error-page> web.xml is not working web.xml error-page 404 error path Programmatically get error-page from web.xml Conditional error-page's in web.xml / skip error-page with Jersey Add <error-page> to specifc servlet within web.xml Servlet 3.0 without web.xml error-page javaconfig Issue with spring error-page and web.xml Ignoring web.xml error-page with Jersey's ExceptionMapper Unchecked Exception not being caught by Web.xml error-page
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM