Tomcat errors leak internal host/container names and ports

If the esg-search backend is requested for an invalid URI like:

`https://some-esgf.server/esg-search/search?project=x<s\>ev"q`

A tomcat error message will be returned that contains sensitive information about the deployment like hostname (or container name) and port number:

> HTTP Status 500 – Internal Server Error
> 
> Type Exception Report
> 
> Message Server returned HTTP response code: 400 for URL: http://solr-slave:8983/solr/datasets/select/

My workaround is to surpress those messages on my reverse proxy with `proxy_intercept_errors` and a custom generic error message:

```nginx
  [...]
  server {
    [...]
    proxy_intercept_errors on; # Replace all proxy_pass messages with our own
    [...]
  }
  [...]
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Tomcat errors leak internal host/container names and ports #254

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Tomcat errors leak internal host/container names and ports #254

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions