Reducing information disclosure in Tomcat error pages

Question

By default, Tomcat\'s error pages disclose both the existence of Tomcat and the exact version of the container that\'s handling the requests. This is nice for development, but

Answer 1

is the right answer, but you don't want to just redirect all error codes to some generic message. You have to think about how you want to handle each error. If you're afraid you might miss one of the codes, check out the constants in the HttpServletResponse interface.