1 Reply Latest reply on Nov 28, 2005 9:30 AM by jianwu chen

    ApacheServerTokenNotSet warning from security scan

    Janell E Newbie

      My IT group ran a security scan on the Windows XP server where I have JBoss 3.2.3 installed running a simple web application. The result was a warning saying the Apache Web server ServerToken has not been set in the Apache HTTP Server. The remedy said "Set the ServerToken to limit the amount of information disclosed in the HTTP header lines." Does anyone know how to resolve this warning within JBoss's configuration and exactly what the warning means? Thanks!

        • 1. Re: ApacheServerTokenNotSet warning from security scan
          jianwu chen Newbie

          I face the same problem. But I'm working on TOMCAT. I believe this is a common mistake from the IT/security department. It shouldn't be security problem. But anyway, as they use some tool to scan, we have no choice to fix it.

          I have a solution for tomcat. maybe it should be similar for you JBOSS, hope it helps you.

          modify file:

          $TOMCAT_HOME/conf/server.xml

          add following attribute

          server="DUMMY"

          in the "Connector" element.

          e.g.



          This is only work on TOMCAT 5.1.26, but not work on TOMCAT 5.0.30.