Mantis - Resin
Viewing Issue Advanced Details
6076 minor always 07-27-17 09:40 11-21-17 09:42
stbu  
ferg  
normal  
closed 4.0.53  
fixed  
none    
none 4.0.54  
0006076: Configuration of <error-page> for 400 Bad Request not working: Shows "unavailable due to ***an internal error***"
When <development-mode-error-page> is not enabled (as recommended on production systems) to hide stack trace information we are able to specify our own error pages such as for 404 Not Found errors for example with a Sitemap or for 500 errors, we can still show Users a page in the style of our App with contact details to open a ticket (for example).

We would like to configure this also for 400 Bad Request which we see quite frequently in the logfiles.
  <error-page>
    <error-code>400</error-code>
    <location>/bad-request.jsp</location>
  </error-page>

I have found Bug 0003008 where something similar was reported.


My concern is that a request leading to a 400 Bad Request will be displayed quite ugly when <development-mode-error-page> is not enabled:

<..>
Server Error
The server is temporarily unavailable due to an internal error. Please notify the system administrator of this problem.
<..>

It's a little bit better with "The request contains an illegal URL." when <development-mode-error-page> is enabled (dev_mode : true).


==> Would it be possible that Resin is using the error-page location when it is configured like this?
  <error-page>
    <error-code>400</error-code>
    <location>/bad-request.jsp</location>
  </error-page>


BTW:
For me the easiest way to get a 400 Bad Request (just for testing purposes) is to use ".." in front of any real file such as:
http://caucho.com/resin-4.0/changes/..changes.xtp [^]


Notes
(0006781)
ferg   
08-14-17 15:22   
server/1q51

Note: the error-page must be in the root web-app because the invalid URL detection is before web-app dispatch.