Reputation: 1
About error-page in web.xml
I configure my error-page in web.xml,for example: <error-page><error-code>404</error-code><location>/error.jsp</location></error-page>。
If I put a URL in browser that does not exits such as http: //localhost:8080/mywebsite/a , it will display the contents of error.jsp.But the URL in browser is not http: //localhost:8080/mywebsite/error.jsp , it is still http: //localhost:8080/mywebsite/a why ? And what to do if make the URL to be error.jsp?
I ask this because I scan this URL using IBM AppScan, it says response status is 200 OK.
Upvotes: 0
Views: 194
Answers (1)
Reputation: 5658
There is no point in re-writing the URL to show the user that he/she has hit the error page. In-fact it may expose the structure of your application that may be harmful if you are not too careful.
http://yourhost/something/invalid/url is not much helpful for any malicious user.
But
http://yourhost/pages/errorPages/404Page.jsp
exposes a lot of critical information to the user about the structure of your web-application.
Upvotes: 1
Related Questions
- Apache tomcat <error-page> tag in conf/web.xml not rendering an error page
- <error-page> defined in web.xml always comes back with HTTP status 200
- Setting 404 Error page for JSP
- 404 error not mapping with error page
- error page in web.xml giving 404
- HTTP status 404 error or web.xml error dont know
- Error page configuration in web.xml not working
- Can a JSP error-page cause problems?
- errorPage directive works, but error-page in web.xml doesn't?
- Error page in web.xml