Changeset 37741


Timestamp: 2023-05-09T16:26:58+12:00
Author: davidb
Message:

Updated to specify the RewriteValve, so we can have a rewrite.config file in web/WEB-INF/ that monitors for (and disables by default) Open Redirect calls using GS3 href= argument; this update can be used as a 'hot-fix' to prevent these sorts of redirects on an existing GS3 install using Tomcat8

File:
1 edited

  • main/trunk/greenstone3/resources/tomcat/greenstone3.xml.svn

    r36023 r37741  
    6060         https://tomcat.apache.org/tomcat-7.0-doc/config/valve.html -->
    6161    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="@allowedIPs@"/>
     62
     63    <!-- Allows us to include the file rewrite.config in web/WEB-INF
     64         Currently used (by default) to monitor for GS3 DL calls that use:
     65           &href=...
     66         and disable them, as malicieous users can uses this to mount an Open Redirect attack -->
     67    <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
     68   
    6269</Context>
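Review bot: The `RewriteValve` added at new line 67 does nothing on its own; the blocking described in the comment at lines 63-66 depends entirely on a rewrite.config being present in web/WEB-INF, and that file is not part of this changeset (1 file edited). Without it the valve has no rules to apply and `href=` redirects stay enabled with no warning, so either commit the rule file alongside this change or have the comment say that it must be deployed together with it. The comment should also state the minimum container version: RewriteValve ships with Tomcat 8 and later, while the unchanged comment at line 60 still links to the tomcat-7.0 valve documentation, and a container without that class cannot instantiate the valve. The comment gives the pattern as `&href=...`; please confirm the rule also matches `href` when it is the first query parameter. Minor: "malicieous" and "can uses" on line 66 should read "malicious" and "can use".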