Re: [jetty-users] Question about HTTPS bad request error message

Hi,

On Mon, Jul 22, 2019 at 12:25 PM Silvio Bierman
<sbierman@xxxxxxxxxxxxxxxxxx> wrote:
>
> Hello all,
>
> We run an application that embeds Jetty 9.4.19. Upon receiving a
> malformed request where the Host header has been deliberately set to
> 127.0.0.1 (and therefore does not match the request URL) our server
> responds with:
>
> HTTP ERROR 400
>
> Problem accessing /. Reason:
>
> Host does not match SNI
>
> Caused by:
>
> <stacktrace>
>
> During a pen-test that was done by one of our customers this was deemed
> too much internal information. What is the easiest way to configure
> the error info that we return upon such requests?

Custom error pages, by using the ErrorPageErrorHandler API, see e.g.
https://github.com/eclipse/jetty.project/blob/jetty-9.4.x/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/ErrorPageTest.java.

-- 
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
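
An added example, not part of the original message and not Jetty project code: one way to wire the `ErrorPageErrorHandler` mentioned above into an embedded Jetty 9.4 server so that error responses carry a fixed body with no reason text and no stack trace. The class names, port, the `/error/generic` path and the plain HTTP connector are assumptions for illustration; the extra server-level `ErrorHandler` is also an assumption, added for errors raised before a request reaches the context.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.ErrorHandler;
import org.eclipse.jetty.servlet.ErrorPageErrorHandler;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;

public class QuietErrorsExample {
    /** Hypothetical servlet: writes a fixed body for every error dispatch. */
    public static class GenericErrorServlet extends HttpServlet {
        @Override
        protected void service(HttpServletRequest req, HttpServletResponse resp)
                throws IOException {
            // Nothing from the request or the exception is echoed back.
            resp.setContentType("text/plain;charset=utf-8");
            resp.getWriter().println("The request could not be processed.");
        }
    }

    public static void main(String[] args) throws Exception {
        Server server = new Server(8080); // assumed port; real setup would add the TLS connector

        ServletContextHandler context = new ServletContextHandler();
        context.setContextPath("/");
        context.addServlet(new ServletHolder(new GenericErrorServlet()), "/error/generic");

        // Context-level handler: map all 4xx/5xx statuses to the generic page.
        ErrorPageErrorHandler errors = new ErrorPageErrorHandler();
        errors.setShowStacks(false);
        errors.addErrorPage(400, 599, "/error/generic");
        context.setErrorHandler(errors);

        // Server-level fallback (assumption): default page, but without stack traces.
        ErrorHandler fallback = new ErrorHandler();
        fallback.setShowStacks(false);
        server.addBean(fallback);

        server.setHandler(context);
        server.start();
        server.join();
    }
}
```

To check the result, send a request with a mismatched Host header to a test instance and confirm that the response body no longer contains the reason string or a "Caused by:" section.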

