Thursday, March 20, 2014

Hide tomcat Web Server Version Information



Hide tomcat Web Server Version Information

Replace the server version string from HTTP headers in server responses, by adding the server keyword in your Connectors in CATALINA_HOME/conf/server.xml


            server="Apache" /> 

Remove version string from HTTP error messages by repacking CATALINA_HOME/server/lib/catalina.jar with an updated ServerInfo.properties file.

Unpack catalina.jar

cd CATALINA_HOME/server/lib
jar xf catalina.jar org/apache/catalina/util/ServerInfo.properties

Update ServerInfo.properties by changing server.info line to server.info=Apache Tomcat

Repackage catalina.jar

jar uf catalina.jar org/apache/catalina/util/ServerInfo.properties

Remove CATALINA_HOME/server/lib/org (created when extracting the ServerInfo.properties file)

Restart the tomcat server.
Posted by test at 1:22 PM
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)