diff options
author | Akhil M S <msakhil025@gmail.com> | 2022-07-02 12:40:43 +0530 |
---|---|---|
committer | Akhil M S <msakhil025@gmail.com> | 2022-07-02 12:40:43 +0530 |
commit | 4d07f40148c267d83e79243227d3ba0878ac4f9b (patch) | |
tree | c065484f51b7fb5dcc848b4eae8a2670c8bdbe6c | |
parent | ec0e1655c4bba1411bf65dc9f0f03fdfb0e4fc74 (diff) | |
download | waitress-4d07f40148c267d83e79243227d3ba0878ac4f9b.tar.gz |
Make use of ident while showing server error (generated by waitress)
this will help users to hide the server details from waitress generated error response with the help of ident value.
Some organization don't want to expose there server details to user, since it will help the attackers perform attacks based on the known vulnerability of the server.
So instead of showing generated by waitress, we can show a generic text.
-rw-r--r-- | src/waitress/task.py | 3 | ||||
-rw-r--r-- | src/waitress/utilities.py | 4 |
2 files changed, 4 insertions, 3 deletions
diff --git a/src/waitress/task.py b/src/waitress/task.py index 574532f..956c0c0 100644 --- a/src/waitress/task.py +++ b/src/waitress/task.py @@ -345,8 +345,9 @@ class ErrorTask(Task): complete = True def execute(self): + ident = self.channel.server.adj.ident e = self.request.error - status, headers, body = e.to_response() + status, headers, body = e.to_response(ident) self.status = status self.response_headers.extend(headers) # We need to explicitly tell the remote client we are closing the diff --git a/src/waitress/utilities.py b/src/waitress/utilities.py index 164752f..b0199d0 100644 --- a/src/waitress/utilities.py +++ b/src/waitress/utilities.py @@ -258,10 +258,10 @@ class Error: def __init__(self, body): self.body = body - def to_response(self): + def to_response(self,ident=None): status = f"{self.code} {self.reason}" body = f"{self.reason}\r\n\r\n{self.body}" - tag = "\r\n\r\n(generated by waitress)" + tag = "\r\n\r\n(generated by "+ident+")" if ident else "\r\n\r\n(generated by server)" body = (body + tag).encode("utf-8") headers = [("Content-Type", "text/plain; charset=utf-8")] |