ApacheServerTokenNotSet warning from security scan

janell72 Jul 19, 2005 7:37 PM

My IT group ran a security scan on the Windows XP server where I have JBoss 3.2.3 installed running a simple web application. The result was a warning saying the Apache Web server ServerToken has not been set in the Apache HTTP Server. The remedy said "Set the ServerToken to limit the amount of information disclosed in the HTTP header lines." Does anyone know how to resolve this warning within JBoss's configuration and exactly what the warning means? Thanks!

1. Re: ApacheServerTokenNotSet warning from security scan

jianwu Nov 28, 2005 9:30 AM (in response to janell72)

I face the same problem. But I'm working on TOMCAT. I believe this is a common mistake from the IT/security department. It shouldn't be security problem. But anyway, as they use some tool to scan, we have no choice to fix it.

I have a solution for tomcat. maybe it should be similar for you JBOSS, hope it helps you.

modify file:

$TOMCAT_HOME/conf/server.xml

add following attribute

server="DUMMY"

in the "Connector" element.

e.g.

This is only work on TOMCAT 5.1.26, but not work on TOMCAT 5.0.30.
Actions