
How to stop server header in tomcat - URGENT


gudipati1

Programmer
May 23, 2005
3
US
Hi,
I am using jboss-3.0.1_tomcat-4.0.4 combination for my application on linux. But there seems to be a security issue in this. When a user does curl -i <url> we can see the server header along with the server make and version. Is there a way I can stop this server header. I am pasting the result of the curl command here.

=============================
HTTP/1.1 401 Unauthorized
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Date: Thu, 19 May 2005 07:12:48 GMT
Pragma: No-cache
Server: Apache Tomcat/4.0.4 (HTTP/1.1 Connector)
Transfer-Encoding: chunked
Cache-Control: no-cache
=============================

Thanks
Prasad Gudipati
 
Please do NOT put "URGENT" in your subject heading - it will not get people to answer you any more quickly than usual - and in fact may put some people off answering you !

You can have tomcat use custom error pages for certain errors - eg, the below uses a custom page for a 404 error :

In your web.xml :
Code:
        <error-page>
            <error-code>404</error-code>
            <location>/error/404.html</location>
        </error-page>

I would try that with your 401 error ...

--------------------------------------------------
Free Database Connection Pooling Software
 
Hi sedj,
Thanks for the info, 401 works. But the problem is my application uses tomcat's basic authentication. So when I try to access my index.jsp, it takes me to unauthorized access page. Is there a round about you can think of?
 
Sorry, I don't quite follow - could you elaborate ?

I thought the problem was that you wanted to stop tomcat's default HTTP error pages ....

--------------------------------------------------
Free Database Connection Pooling Software
 
sedj,
My main issue is, I do not want to expose the server info like "Apache Tomcat/4.0.4 (HTTP/1.1 Connector)" when the user uses any other http clients like curl. By seeing this info, user can understand which version and which make of server is my application running on. So, I would like to replace this string with some other string like <My prod name>

Regards
Prasad
 
That's what my first post described how to do, I believe ...

--------------------------------------------------
Free Database Connection Pooling Software
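
A check for the disclosure described in the question, as an added example that is not part of the original thread: it parses a raw `curl -i` response and reports any product/version token found in the `Server` header. The `X-Powered-By` header name and the `MyProduct` replacement banner are assumptions made for the example; the first sample is the response pasted in the question.

```python
import re

# Response headers exactly as pasted in the question above.
SAMPLE_RESPONSE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Content-Type: text/html\r\n"
    "Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\n"
    "Date: Thu, 19 May 2005 07:12:48 GMT\r\n"
    "Pragma: No-cache\r\n"
    "Server: Apache Tomcat/4.0.4 (HTTP/1.1 Connector)\r\n"
    "Transfer-Encoding: chunked\r\n"
    "Cache-Control: no-cache\r\n"
    "\r\n"
)
# Constructed sample: the same response with the banner replaced by a product name.
HARDENED_RESPONSE = SAMPLE_RESPONSE.replace(
    "Apache Tomcat/4.0.4 (HTTP/1.1 Connector)", "MyProduct")

# Headers to inspect; x-powered-by is an assumption, it does not appear in the thread.
DISCLOSING_HEADERS = ("server", "x-powered-by")
PRODUCT_VERSION = re.compile(r"[A-Za-z][\w.-]*/\d+(?:\.\d+)*")  # e.g. Tomcat/4.0.4
PAREN_COMMENT = re.compile(r"\([^)]*\)")  # "(HTTP/1.1 Connector)" is a comment

def parse_headers(raw):
    """Return (status_line, [(lowercased name, value), ...]) for the header block."""
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]
    lines = head.splitlines()
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers

def banner_findings(raw):
    """List (header, value, [product/version tokens]) for banners that leak a version."""
    findings = []
    for name, value in parse_headers(raw)[1]:
        if name in DISCLOSING_HEADERS:
            tokens = PRODUCT_VERSION.findall(PAREN_COMMENT.sub("", value))
            if tokens:
                findings.append((name, value, tokens))
    return findings

if __name__ == "__main__":
    for label, raw in (("original", SAMPLE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, banner_findings(raw) or "no version disclosed")
```

Running the same check against every status code the application can return (200, 401, 404) shows whether a change actually affects the header on all responses.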
 