Issue

ColdFusion users have reported that under certain circumstances, the Tomcat server responds to requests with a verbose error report, which exposes limited technical information about the environment.

This issue can be resolved with the following workaround.

Workaround

  1. Stop ColdFusion server.

  2. Navigate to [Instance Home]\runtime\conf\server.xml.

    It is a good practice to back up server.xml before making changes.

  3. In the Host node, add the following

    <Valve 
                   className="org.apache.catalina.valves.ErrorReportValve"
                   showReport="false"
                   showServerInfo="false" 
    />

    You can also refer to the following Tomcat documentation:

  4. The updated server.xml file is shown below:

    <Host autoDeploy="false" appBase="webapps" name="localhost" unpackWARs="false">
        <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false"/>
    .
    .
    .
    </Host>
  5. Restart ColdFusion.

Custom error page

You can add a custom error page in ColdFusion (2018 release).

To customize the message, add the following:

errorCode.<Status Code>="Path to error page relative to the runtime folder"

For example, to customize a page for Error 500, add the following in <Valve/> in server.xml.

<Valve 
                className="org.apache.catalina.valves.ErrorReportValve" 
                showReport="false" 
                showServerInfo="false"
                errorCode.500="../wwwroot/WEB-INF/exception/Error.html"
/>

You must create the custom error page and place in the specified folder.