Stop ColdFusion server.
Issue
ColdFusion users have reported that under certain circumstances, the Tomcat server responds to requests with a verbose error report, which exposes limited technical information about the environment.
This issue can be resolved with the following workaround.
Workaround
-
-
Navigate to [Instance Home]\runtime\conf\server.xml.
It is a good practice to back up server.xml before making changes.
-
In the Host node, add the following
<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false" />
You can also refer to the following Tomcat documentation:
- Tomcat docs for configuring Valve - ColdFusion (2018 release)
- Tomcat docs for configuring Valve - ColdFusion (2016 release)
-
The updated server.xml file is shown below:
<Host autoDeploy="false" appBase="webapps" name="localhost" unpackWARs="false"> <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false"/> . . . </Host>
-
Restart ColdFusion.
Custom error page
You can add a custom error page in ColdFusion (2018 release).
To customize the message, add the following:
errorCode.<Status Code>="Path to error page relative to the runtime folder"
For example, to customize a page for Error 500, add the following in <Valve/> in server.xml.
<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false" errorCode.500="../wwwroot/WEB-INF/exception/Error.html" />
You must create the custom error page and place in the specified folder.