Mantis Bugtracker
  

Viewing Issue Simple Details Jump to Notes ] View Advanced ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0006076 [Resin] minor always 07-27-17 09:40 11-21-17 09:42
Reporter stbu View Status public  
Assigned To ferg
Priority normal Resolution fixed  
Status closed   Product Version 4.0.53
Summary 0006076: Configuration of <error-page> for 400 Bad Request not working: Shows "unavailable due to ***an internal error***"
Description When <development-mode-error-page> is not enabled (as recommended on production systems) to hide stack trace information we are able to specify our own error pages such as for 404 Not Found errors for example with a Sitemap or for 500 errors, we can still show Users a page in the style of our App with contact details to open a ticket (for example).

We would like to configure this also for 400 Bad Request which we see quite frequently in the logfiles.
  <error-page>
    <error-code>400</error-code>
    <location>/bad-request.jsp</location>
  </error-page>

I have found Bug 0003008 where something similar was reported.


My concern is that a request leading to a 400 Bad Request will be displayed quite ugly when <development-mode-error-page> is not enabled:

<..>
Server Error
The server is temporarily unavailable due to an internal error. Please notify the system administrator of this problem.
<..>

It's a little bit better with "The request contains an illegal URL." when <development-mode-error-page> is enabled (dev_mode : true).


==> Would it be possible that Resin is using the error-page location when it is configured like this?
  <error-page>
    <error-code>400</error-code>
    <location>/bad-request.jsp</location>
  </error-page>


BTW:
For me the easiest way to get a 400 Bad Request (just for testing purposes) is to use ".." in front of any real file such as:
http://caucho.com/resin-4.0/changes/..changes.xtp [^]

Additional Information
Attached Files

- Relationships

- Notes
(0006781)
ferg
08-14-17 15:22

server/1q51

Note: the error-page must be in the root web-app because the invalid URL detection is before web-app dispatch.
 

- Issue History
Date Modified Username Field Change
07-27-17 09:40 stbu New Issue
07-27-17 09:40 stbu Issue Monitored: stbu
08-14-17 15:22 ferg Note Added: 0006781
08-14-17 15:22 ferg Assigned To  => ferg
08-14-17 15:22 ferg Status new => closed
08-14-17 15:22 ferg Resolution open => fixed
08-14-17 15:22 ferg Fixed in Version  => 4.0.55
11-21-17 09:42 ferg Fixed in Version 4.0.55 => 4.0.54


Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
31 total queries executed.
27 unique queries executed.
Powered by Mantis Bugtracker