This content has been marked as final.
Show 3 replies
-
1. Re: hide server version details from http requests
jaikiran Sep 25, 2008 2:02 AM (in response to laurencejm)In the %JBOSS_HOME%\server\< serverName>\deploy\jbossweb-tomcatXX.sar\conf\web.xml file, there's a filter mapping:
<filter> <filter-name>CommonHeadersFilter</filter-name> <filter-class>org.jboss.web.tomcat.filters.ReplyHeaderFilter</filter-class> <init-param> <param-name>X-Powered-By</param-name> <param-value>Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5</param-value> </init-param> </filter> <filter-mapping> <filter-name>CommonHeadersFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
Try removing this entire section or maybe just the init-param (I haven't tried so don't exactly know whether removing the entire filter mapping will cause any issues).
-
2. Re: hide server version details from http requests
laurencejm Sep 25, 2008 5:08 AM (in response to laurencejm)Thanks that did the trick perfectly.
Laurence -
3. Re: hide server version details from http requests
acastanheira2001 Sep 25, 2008 10:28 AM (in response to laurencejm)Folks,
I think you can set this initialization parameter:
See %JBOSS_HOME%/server/<server_name>/deploy/jboss-web.deployer/conf/web.xml
<!-- xpoweredBy Determines whether X-Powered-By response -->
<!-- header is added by generated servlet [false] -->
The default is false.