Configuration version: Tomcat6
1. Virtual path. A single Tomcat instance can serve multiple hosts, and docBase is the web application directory. Add the application's configuration to server.xml; Tomcat must be restarted for changes to server.xml to take effect.
<!-- The opening <Host> line is restored with Tomcat's stock values (an assumption); substitute your own host name and appBase. -->
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<Context path="/" reloadable="true" docBase="D:\webroot\xxx\WebRoot\"/>
</Host>
2. Disable unwanted HTTP methods, generally DELETE and PUT. By default Tomcat forbids DELETE and PUT, and such requests return 403 Forbidden. To disable methods explicitly, add the following configuration inside the <web-app> element of web.xml.
Tomcat must be restarted for changes to web.xml to take effect.
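<security-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern>
<!-- List only the methods to block; with no http-method element the constraint applies to every method. -->
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<!-- An empty auth-constraint means no role is allowed, so the listed methods are denied for everyone. -->
<auth-constraint>
</auth-constraint>
</security-constraint>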
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
3. Enable the HttpOnly session cookie to guard against XSS cross-site attacks (the flag keeps client-side script from reading the cookie). Tomcat 6 is the first version to support this attribute. Add the setting to context.xml; the context.xml configuration takes effect when it is invoked, so Tomcat does not need to be restarted.
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html
<Context useHttpOnly="true">
4. Modify the Tomcat version information to prevent leaks:
1) Go to the lib directory under the apache-tomcat directory, find catalina.jar, and use an archive tool to locate ServerInfo.properties under org\apache\catalina\util.
Open ServerInfo.properties and edit it as follows (removing the version information):
server.info=Apache Tomcat
server.number=
server.built=
2) Set the error-page element in web.xml to specify the page that is returned. This can be configured in the app, in which case the configuration applies only to that app.
<error-page>
<error-code>500</error-code>
<location>/500.html</location>
</error-page>
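A way to check that the web.xml and context.xml settings from steps 2 to 4 are actually in place, as an added example that is not part of the original article. The function name audit and the sample files are constructed for illustration, and a missing useHttpOnly attribute is treated as off.

```python
import xml.etree.ElementTree as ET

def _children(elem, name):
    """Direct children called `name`, ignoring any XML namespace prefix."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def audit(web_xml, context_xml):
    """Summarise what a web.xml / context.xml pair actually enforces."""
    web = ET.fromstring(web_xml)
    denied = {}  # url-pattern -> set of methods nobody may use
    for sc in _children(web, "security-constraint"):
        auth = _children(sc, "auth-constraint")
        # Only an auth-constraint with no role-name denies every caller.
        if not auth or _children(auth[0], "role-name"):
            continue
        for wrc in _children(sc, "web-resource-collection"):
            methods = {(m.text or "").strip().upper() for m in _children(wrc, "http-method")}
            for pat in _children(wrc, "url-pattern"):
                # No http-method listed means the constraint covers all methods.
                denied.setdefault((pat.text or "").strip(), set()).update(methods or {"*"})
    codes = {(c.text or "").strip() for ep in _children(web, "error-page")
             for c in _children(ep, "error-code")}
    ctx = ET.fromstring(context_xml)
    # Assumption: useHttpOnly counts as off when the attribute is absent (Tomcat 6 default).
    http_only = ctx.get("useHttpOnly", "false").lower() == "true"
    return {"denied": denied, "error_codes": codes, "http_only": http_only}

# Constructed sample files, not taken from a real deployment.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
  <error-page>
    <error-code>500</error-code>
    <location>/500.html</location>
  </error-page>
</web-app>"""
SAMPLE_CONTEXT_XML = '<Context useHttpOnly="true"/>'

if __name__ == "__main__":
    print(audit(SAMPLE_WEB_XML, SAMPLE_CONTEXT_XML))
```

A result of {"*"} for a url-pattern means the constraint lists no http-method and therefore blocks every request to that pattern, not only PUT and DELETE.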
Tomcat Security Configuration (disable HTTP methods, deploy multiple apps, enable the secure cookie, specify the error page and displayed information)