Details
-
Improvement
-
Status: Open
-
Major
-
Resolution: Unresolved
-
1.6.0, 1.13.0
-
None
-
None
Description
We are using apache geode v1.6.0 and we also use Geode rest api. However, when our customer do vulnerability test, they found a potential security risk and we need to fix that..
The report says, http://:7070 shows the following message
HTTP ERROR 404
Problem accessing /. Reason:Not Found
*Powered by Jetty:// 9.4.8.v20171121*
As you can see, Jetty version was shown, and this is reported as a risk. I searched a lot and found we can turn off the message by configure Jetty setting as follows
{{<Item>
<New id="DefaultHandler" class="org.eclipse.jetty.server.handler.DefaultHandler">
<Set name="showContexts">false</Set>
</New>
</Item>}}
But, Jetty is embedded in the Geode, how should I do to set the showContexts to false?
Any suggestion will be appreciate, thanks a lot.