5 Replies Latest reply on Nov 4, 2008 10:25 AM by jaikiran

    default server headers

    emeuwese

      JBoss AS 5RC2 doesn't allow you to override default behaviour of the server and the xpoweredBy attributes of the connector.

      With the default configuration an HTTP response looks like:

      HTTP/1.1 200 OK
      X-Powered-By: Servlet 2.5;JBoss-5.0/JBossWeb-2.1
      Server: Apache-Coyote/1.1
      ...


      If I change server to "test" and turn the x-powered-by off in the server.xml
      <Connector protocol="HTTP/1.1" port="8080"
       address="${jboss.bind.address}"
       connectionTimeout="20000" redirectPort="8443"
       server="test" xpoweredBy="false"/>


      The result is:
      HTTP/1.1 200 OK
      X-Powered-By: Servlet 2.5;JBoss-5.0/JBossWeb-2.1
      Server: test
      ...

      and it should be:
      HTTP/1.1 200 OK
      Server: test
      ...


      If I change server to "test" and turn the x-powered-by on in the server.xml
      <Connector protocol="HTTP/1.1" port="8080"
       address="${jboss.bind.address}"
       connectionTimeout="20000" redirectPort="8443"
       server="test" xpoweredBy="true"/>


      The result is:
      HTTP/1.1 200 OK
      X-Powered-By: Servlet/2.5
      X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
      Server: test
      ...

      and it should be:
      HTTP/1.1 200 OK
      X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
      Server: test
      ...


      If I change server to "null" because we want to remove it and turn the x-powered-by off in the server.xml
      <Connector protocol="HTTP/1.1" port="8080"
       address="${jboss.bind.address}"
       connectionTimeout="20000" redirectPort="8443"
       server="null" xpoweredBy="false"/>


      The result is:
      HTTP/1.1 200 OK
      X-Powered-By: Servlet 2.5;JBoss-5.0/JBossWeb-2.1
      Server: null

      and it should be:
      HTTP/1.1 200 OK
      ...


      Server is null didn't work so let's try "" and turn the x-powered-by off in the server.xml
      <Connector protocol="HTTP/1.1" port="8080"
       address="${jboss.bind.address}"
       connectionTimeout="20000" redirectPort="8443"
       server="" xpoweredBy="false"/>


      The result is:
      HTTP/1.1 200 OK
      X-Powered-By: Servlet 2.5;JBoss-5.0/JBossWeb-2.1
      Server: Apache-Coyote/1.1

      and it should be:
      HTTP/1.1 200 OK
      ...


      Maybe I can change the connector settings in the JMX management console

      server="null" results in
      HTTP/1.1 200 OK
      Server: Apache-Coyote/1.1

      and server="test" results in
      HTTP/1.1 200 OK
      Server: null


      xpoweredBy="false" results in
      HTTP/1.1 200 OK
      X-Powered-By: Servlet 2.5;JBoss-5.0/JBossWeb-2.1


      xpoweredBy="true" results in
      HTTP/1.1 200 OK
      X-Powered-By: Servlet 2.5;JBoss-5.0/JBossWeb-2.1
      X-Powered-By: Servlet/2.5


      Changing these two attributes doesn't work in most cases. Changing the server attribute to some other text works but it can't be turned off.
      Turning the x-powered-by on or off doesn't work at all.

      Is there another way to turn these headers off or is it a bug?

      http://www.jboss.org/file-access/default/members/jbossweb/freezone/dist/1.0.1.GA/jbossweb-usersguide.pdf
      in section 5.1 the documentation says: "xpoweredBy - Set this attribute to true to cause JBoss Web to advertise support for the Servlet specification using the header recommended in the specification. The default value is false."
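
Added example, not part of the original post: a Python check that parses a raw response head and reports every `Server` and `X-Powered-By` header still present, including the duplicate case shown above. The sample heads are constructed from the outputs quoted in the post (the `Content-Type` line is an assumption) and the function names are hypothetical.

```python
# Added example (not from the thread): report banner headers left in a response head.
BANNER_HEADERS = ("server", "x-powered-by")

# Constructed samples based on the outputs quoted in the post.
SAMPLE_DUPLICATE = (
    "HTTP/1.1 200 OK\r\n"
    "X-Powered-By: Servlet/2.5\r\n"
    "X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1\r\n"
    "Server: test\r\n\r\n"
)
SAMPLE_CLEAN = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

def parse_head(raw):
    """Return (status_line, [(name, value), ...]), keeping duplicate headers."""
    lines = raw.strip().splitlines()
    headers = []
    for line in lines[1:]:
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return lines[0].strip(), headers

def banner_findings(raw):
    """One finding per banner header value, plus one if a header repeats."""
    _, headers = parse_head(raw)
    findings = []
    for banner in BANNER_HEADERS:
        values = [v for n, v in headers if n.lower() == banner]
        for value in values:
            findings.append(f"{banner}: still sent with value {value!r}")
        if len(values) > 1:
            findings.append(f"{banner}: sent {len(values)} times, so it is set in more than one place")
    return findings

if __name__ == "__main__":
    for label, head in (("duplicate", SAMPLE_DUPLICATE), ("clean", SAMPLE_CLEAN)):
        print(label, banner_findings(head) or "no banner headers")
```

A repeated `X-Powered-By` is reported separately because it means two different components are adding the header.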


        • 1. Re: default server headers
          jaikiran

          Try removing the filter as suggested in this thread http://www.jboss.com/index.html?module=bb&op=viewtopic&t=142957. That thread is for JBoss-4.x. For JBoss-5, the web.xml file is under %JBOSS_HOME%\server\<serverName>\deployers\jbossweb.deployer

          • 2. Re: default server headers
            emeuwese

            Removing the filter or setting the init params to none works, thanks for the tip, but it is not as it should be. Why did they build a configuration attribute and documentation for it while it doesn't work?

            • 3. Re: default server headers
              jaikiran

               

              "EMeuwese" wrote:
              Why did they build a configuration attribute and documentation for it while it doesn't work?


              Maybe just a user configuration issue or maybe a genuine bug. Let me see why the filter removal part does not work in 5.0. At least that used to work in 4.x (I hadn't tried playing with the other flag in 4.x, so don't know how it behaved in those versions).

              • 4. Re: default server headers
                jaikiran

                 

                "EMeuwese" wrote:
                Removing the filter or setting the init params to none works, thanks for the tip, but it is not as it should be. Why did they build a configuration attribute and documentation for it while it doesn't work?


                I misread this comment from you and replied earlier. I thought that it did not work when you removed the filter.

                So your question is why does it not work if the flag is set to false. Not sure. Will have to dig into the code to understand.

                • 5. Re: default server headers
                  jaikiran

                   

                  "jaikiran" wrote:

                  So your question is why does it not work if the flag is set to false. Not sure. Will have to dig into the code to understand.


                  Just tried a few things on my JBoss-5 CR2 setup. Looks like if the filter is enabled:
                   <filter>
                     <filter-name>CommonHeadersFilter</filter-name>
                     <filter-class>org.jboss.web.tomcat.filters.ReplyHeaderFilter</filter-class>
                     <init-param>
                       <param-name>X-Powered-By</param-name>
                       <param-value>Servlet 2.5; JBoss-5.0/JBossWeb-2.1</param-value>
                     </init-param>
                   </filter>

                   <filter-mapping>
                     <filter-name>CommonHeadersFilter</filter-name>
                     <url-pattern>/*</url-pattern>
                   </filter-mapping>


                  then the xpoweredBy flag init-param on the org.apache.jasper.servlet.JspServlet class is totally ignored.
                   <servlet>
                     <servlet-name>jsp</servlet-name>
                     <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
                     <init-param>
                       <param-name>xpoweredBy</param-name>
                       <param-value>false</param-value>
                     </init-param>

                     ...

                  Maybe by the time the control reaches this servlet, the filter has already set the xpoweredBy value. Removing this filter and toggling the flag on the servlet init-param works as documented.

                  Not sure why there are 2 configurations for the same (xpoweredBy) thing. However, it does make sense to add the CommonHeadersFilter if you have any other common headers to be added.
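
Added example, not part of the thread or the JBoss code base: a Python audit of a web.xml that lists every place the X-Powered-By header is switched on, covering both the filter init-param and the JspServlet flag discussed above. The sample document is constructed from the two snippets in this post and the function names are hypothetical; it assumes any filter init-param named X-Powered-By becomes a response header.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml assembled from the two snippets quoted in the thread.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <filter>
    <filter-name>CommonHeadersFilter</filter-name>
    <filter-class>org.jboss.web.tomcat.filters.ReplyHeaderFilter</filter-class>
    <init-param>
      <param-name>X-Powered-By</param-name>
      <param-value>Servlet 2.5; JBoss-5.0/JBossWeb-2.1</param-value>
    </init-param>
  </filter>
  <servlet>
    <servlet-name>jsp</servlet-name>
    <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
    <init-param>
      <param-name>xpoweredBy</param-name>
      <param-value>false</param-value>
    </init-param>
  </servlet>
</web-app>"""

def local(tag):  # strip an XML namespace: '{ns}filter' -> 'filter'
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Text of the first direct child called `name`, or ''."""
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return ""

def x_powered_by_sources(web_xml):
    """Return (kind, name, value) for every place web.xml enables the header."""
    sources = []
    for elem in ET.fromstring(web_xml):
        kind = local(elem.tag)
        if kind not in ("filter", "servlet"):
            continue
        name = child_text(elem, kind + "-name")
        for param in (c for c in elem if local(c.tag) == "init-param"):
            key = child_text(param, "param-name")
            value = child_text(param, "param-value")
            if kind == "filter" and key.lower() == "x-powered-by":
                sources.append((kind, name, value))
            elif kind == "servlet" and key == "xpoweredBy" and value.lower() == "true":
                sources.append((kind, name, "xpoweredBy=true"))
    return sources

print(x_powered_by_sources(SAMPLE_WEB_XML))
```

On the sample, only the filter is reported even though the servlet flag is false, which matches the behaviour described in the thread.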