hide server version details from http requests

laurencejm Sep 24, 2008 11:01 AM

Hi All,

I have been asked to remove outputted version numbers from web output, stuck where to start, can find no ref to versions in any of my jboss deployment, nor the jknsapi,

i can see

X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5\r\n

in my http get responses,

ANy idea how/where i can change this ?

jboss 404ga on solaris 8

Thanks

Laurence

1. Re: hide server version details from http requests

jaikiran Sep 25, 2008 2:02 AM (in response to laurencejm)
In the %JBOSS_HOME%\server\< serverName>\deploy\jbossweb-tomcatXX.sar\conf\web.xml file, there's a filter mapping:
<filter> <filter-name>CommonHeadersFilter</filter-name> <filter-class>org.jboss.web.tomcat.filters.ReplyHeaderFilter</filter-class> <init-param> <param-name>X-Powered-By</param-name> <param-value>Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5</param-value> </init-param> </filter> <filter-mapping> <filter-name>CommonHeadersFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>

Try removing this entire section or maybe just the init-param (I haven't tried so don't exactly know whether removing the entire filter mapping will cause any issues).
Actions
2. Re: hide server version details from http requests

laurencejm Sep 25, 2008 5:08 AM (in response to laurencejm)

Thanks that did the trick perfectly.

Laurence
Actions
3. Re: hide server version details from http requests

acastanheira2001 Sep 25, 2008 10:28 AM (in response to laurencejm)

Folks,

I think you can set this initialization parameter:

See %JBOSS_HOME%/server/<server_name>/deploy/jboss-web.deployer/conf/web.xml




The default is false.
Actions

Go to original post